{"affected":[{"ecosystem_specific":{"binaries":[{"libfpm_pb0":"1.1.1-17.3.3","libospf0":"1.1.1-17.3.3","libospfapiclient0":"1.1.1-17.3.3","libquagga_pb0":"1.1.1-17.3.3","libzebra1":"1.1.1-17.3.3","quagga":"1.1.1-17.3.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2","name":"quagga","purl":"pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.1-17.3.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"quagga-devel":"1.1.1-17.3.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP2","name":"quagga","purl":"pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.1-17.3.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"quagga-devel":"1.1.1-17.3.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP3","name":"quagga","purl":"pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.1-17.3.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libfpm_pb0":"1.1.1-17.3.3","libospf0":"1.1.1-17.3.3","libospfapiclient0":"1.1.1-17.3.3","libquagga_pb0":"1.1.1-17.3.3","libzebra1":"1.1.1-17.3.3","quagga":"1.1.1-17.3.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2","name":"quagga","purl":"pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.1-17.3.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libfpm_pb0":"1.1.1-17.3.3","libospf0":"1.1.1-17.3.3","libospfapiclient0":"1.1.1-17.3.3","libquagga_pb0":"1.1.1-17.3.3","libzebra1":"1.1.1-17.3.3","quagga":"1.1.1-17.3.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"quagga","purl":"pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.1-17.3.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libfpm_pb0":"1.1.1-17.3.3","libospf0":"1.1.1-17.3.3","libospfapiclient0":"1.1.1-17.3.3","libquagga_pb0":"1.1.1-17.3.3","libzebra1":"1.1.1-17.3.3","quagga":"1.1.1-17.3.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP3","name":"quagga","purl":"pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.1-17.3.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libfpm_pb0":"1.1.1-17.3.3","libospf0":"1.1.1-17.3.3","libospfapiclient0":"1.1.1-17.3.3","libquagga_pb0":"1.1.1-17.3.3","libzebra1":"1.1.1-17.3.3","quagga":"1.1.1-17.3.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP3","name":"quagga","purl":"pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.1-17.3.3"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update provides Quagga 1.1.1, which brings several fixes and enhancements.\n\nSecurity issues fixed:\n\n- CVE-2017-5495: Telnet 'vty' interface DoS due to unbounded memory allocation. (bsc#1021669)\n- CVE-2016-1245: Stack overrun in IPv6 RA receive code. (bsc#1005258)\n\nBug fixes:\n\n- Do not enable zebra's TCP interface (port 2600) to use default UNIX socket for communication\n  between the daemons. (fate#323170)\n\nBetween 0.99.22.1 and 1.1.1 the following improvements have been implemented:\n\n- Changed the default of 'link-detect' state, controlling whether zebra will respond to\n  link-state events and consider an interface to be down when link is down. To retain the\n  current behavior save your config before updating, otherwise remove the 'link-detect'\n  flag from your config prior to updating. There is also a new global 'default link-detect\n  (on|off)' flag to configure the global default.\n- Greatly improved nexthop resolution for recursive routes.\n- Event driven nexthop resolution for BGP.\n- Route tags support.\n- Transport of TE related metrics over OSPF, IS-IS.\n- IPv6 Multipath for zebra and BGP.\n- Multicast RIB support has been extended. It still is IPv4 only.\n- RIP for IPv4 now supports equal-cost multipath (ECMP).\n- route-maps have a new action 'set ipv6 next-hop peer-address'.\n- route-maps have a new action 'set as-path prepend last-as'.\n- 'next-hop-self all' to override nexthop on iBGP route reflector setups.\n- New pimd daemon provides IPv4 PIM-SSM multicast routing.\n- IPv6 address management has been improved regarding tentative addresses. This is visible in\n  that a freshly configured address will not immediately be marked as usable.\n- Recursive route support has been overhauled. Scripts parsing 'show ip route' output may need\n  adaptation.\n- A large amount of changes has been merged for ospf6d. Careful evaluation prior to deployment\n  is recommended.\n- Multiprotocol peerings over IPv6 now try to find a more appropriate IPv4 nexthop by looking at\n  the interface.\n- Relaxed bestpath criteria for multipath and improved display of multipath routes in 'show ip bgp'.\n  Scripts parsing this output may need to be updated.\n- Support for iBGP TTL security.\n","id":"SUSE-SU-2017:2294-1","modified":"2017-08-29T14:49:01Z","published":"2017-08-29T14:49:01Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20172294-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005258"},{"type":"REPORT","url":"https://bugzilla.suse.com/1021669"},{"type":"REPORT","url":"https://bugzilla.suse.com/1034273"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1245"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5495"}],"related":["CVE-2016-1245","CVE-2017-5495"],"summary":"Security update for quagga","upstream":["CVE-2016-1245","CVE-2017-5495"]}