1
PublicDateAtUSN: 2018-02-13
2
Candidate: CVE-2018-5379
6
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5379
7
https://www.quagga.net/security/Quagga-2018-1114.txt
8
https://usn.ubuntu.com/usn/usn-3573-1
10
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory
11
when processing certain forms of UPDATE message, containing cluster-list
12
and/or unknown attributes. A successful attack could cause a denial of
13
service or potentially allow an attacker to execute arbitrary code.
16
mdeslaur> this is Quagga-2018-1114
24
upstream_quagga: released (1.2.3)
25
precise/esm_quagga: DNE
26
trusty_quagga: released (0.99.22.4-3ubuntu1.5)
27
xenial_quagga: released (0.99.24.1-2ubuntu1.4)
28
artful_quagga: released (1.1.1-3ubuntu0.2)
29
devel_quagga: released (1.2.2-1ubuntu1)