advisories/22610.adv

type: security
subject: Updated quagga packages fix security vulnerability
CVE:
 - CVE-2018-5379
 - CVE-2018-5380
 - CVE-2018-5381
src:
  6:
   core:
     - quagga-0.99.24.1-6.1.mga6
description: |
  This is an update to fix several security issues.
  1. CVE-2018-5379: Fix double free of unknown attribute
  2. CVE-2018-5380: debug print of received NOTIFY data can over-read msg array
  3. CVE-2018-5381: fix infinite loop on certain invalid OPEN messages
references:
 - https://bugs.mageia.org/show_bug.cgi?id=22610
 - https://www.debian.org/security/2018/dsa-4115
 - https://nvd.nist.gov/vuln/detail/CVE-2018-5379
 - https://nvd.nist.gov/vuln/detail/CVE-2018-5380
 - https://nvd.nist.gov/vuln/detail/CVE-2018-5381
 - https://www.quagga.net/security/Quagga-2018-1114.txt
 - https://www.quagga.net/security/Quagga-2018-1550.txt
 - https://www.quagga.net/security/Quagga-2018-1975.txt
ID: MGASA-2018-0133
1	type: security
2	subject: Updated quagga packages fix security vulnerability
3	CVE:
4	- CVE-2018-5379
5	- CVE-2018-5380
6	- CVE-2018-5381
7	src:
8	6:
9	core:
10	- quagga-0.99.24.1-6.1.mga6
11	description: \|
12	This is an update to fix several security issues.
13	1. CVE-2018-5379: Fix double free of unknown attribute
14	2. CVE-2018-5380: debug print of received NOTIFY data can over-read msg array
15	3. CVE-2018-5381: fix infinite loop on certain invalid OPEN messages
16	references:
17	- https://bugs.mageia.org/show_bug.cgi?id=22610
18	- https://www.debian.org/security/2018/dsa-4115
19	- https://nvd.nist.gov/vuln/detail/CVE-2018-5379
20	- https://nvd.nist.gov/vuln/detail/CVE-2018-5380
21	- https://nvd.nist.gov/vuln/detail/CVE-2018-5381
22	- https://www.quagga.net/security/Quagga-2018-1114.txt
23	- https://www.quagga.net/security/Quagga-2018-1550.txt
24	- https://www.quagga.net/security/Quagga-2018-1975.txt
25	ID: MGASA-2018-0133