漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
It was discovered that Quagga incorrectly handled certain BGP UPDATE messages.
It was discovered that Quagga incorrectly handled memory in the telnet vty CLI.
漏洞危害
A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service. (CVE-2017-16227)
An attacker able to connect to the telnet interface could possibly use this issue to cause Quagga to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-5495)
解决方案
Refer to Ubuntu advisory USN-3471-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3471-1: 17.04 (zesty) on src (quagga)
USN-3471-1: 14.04 (Kylin) on src (quagga)
USN-3471-1: 17.10 (artful) on src (quagga)
USN-3471-1: 17.10 (artful) on src (quagga-bgpd)
0daybank
文章评论