SUSE-SU-2017:2294-1
- Source
- https://www.suse.com/support/update/announcement/2017/suse-su-20172294-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:2294-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2017:2294-1
- Related
- Published
- 2017-08-29T14:49:01Z
- Modified
- 2017-08-29T14:49:01Z
- Summary
- Security update for quagga
- Details
-
This update provides Quagga 1.1.1, which brings several fixes and enhancements.
Security issues fixed:
- CVE-2017-5495: Telnet 'vty' interface DoS due to unbounded memory allocation. (bsc#1021669)
- CVE-2016-1245: Stack overrun in IPv6 RA receive code. (bsc#1005258)
Bug fixes:
- Do not enable zebra's TCP interface (port 2600) to use default UNIX socket for communication between the daemons. (fate#323170)
Between 0.99.22.1 and 1.1.1 the following improvements have been implemented:
- Changed the default of 'link-detect' state, controlling whether zebra will respond to link-state events and consider an interface to be down when link is down. To retain the current behavior save your config before updating, otherwise remove the 'link-detect' flag from your config prior to updating. There is also a new global 'default link-detect (on|off)' flag to configure the global default.
- Greatly improved nexthop resolution for recursive routes.
- Event driven nexthop resolution for BGP.
- Route tags support.
- Transport of TE related metrics over OSPF, IS-IS.
- IPv6 Multipath for zebra and BGP.
- Multicast RIB support has been extended. It still is IPv4 only.
- RIP for IPv4 now supports equal-cost multipath (ECMP).
- route-maps have a new action 'set ipv6 next-hop peer-address'.
- route-maps have a new action 'set as-path prepend last-as'.
- 'next-hop-self all' to override nexthop on iBGP route reflector setups.
- New pimd daemon provides IPv4 PIM-SSM multicast routing.
- IPv6 address management has been improved regarding tentative addresses. This is visible in that a freshly configured address will not immediately be marked as usable.
- Recursive route support has been overhauled. Scripts parsing 'show ip route' output may need adaptation.
- A large amount of changes has been merged for ospf6d. Careful evaluation prior to deployment is recommended.
- Multiprotocol peerings over IPv6 now try to find a more appropriate IPv4 nexthop by looking at the interface.
- Relaxed bestpath criteria for multipath and improved display of multipath routes in 'show ip bgp'. Scripts parsing this output may need to be updated.
- Support for iBGP TTL security.
- References
Affected packages
SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2 / quagga
Package
- Name
- quagga
- Purl
- pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
SUSE:Linux Enterprise Software Development Kit 12 SP2 / quagga
Package
- Name
- quagga
- Purl
- pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
SUSE:Linux Enterprise Software Development Kit 12 SP3 / quagga
Package
- Name
- quagga
- Purl
- pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
SUSE:Linux Enterprise Server 12 SP2 / quagga
Package
- Name
- quagga
- Purl
- pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
SUSE:Linux Enterprise Server for SAP Applications 12 SP2 / quagga
Package
- Name
- quagga
- Purl
- pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
SUSE:Linux Enterprise Server 12 SP3 / quagga
Package
- Name
- quagga
- Purl
- pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3