PublicDateAtUSN: 2018-02-13
Candidate: CVE-2018-5378
CRD: 2018-02-13
PublicDate: 2018-02-19 13:29:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5378
 https://www.quagga.net/security/Quagga-2018-0543.txt
 https://ubuntu.com/security/notices/USN-3573-1
Description:
 The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly
 bounds check the data sent with a NOTIFY to a peer, if an attribute length
 is invalid. Arbitrary data from the bgpd process may be sent over the
 network to a peer and/or bgpd may crash.
Ubuntu-Description: 
Notes: 
 mdeslaur> this is Quagga-2018-0543
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H [5.9 MEDIUM]


Patches_quagga:
upstream_quagga: released (1.2.3)
precise/esm_quagga: DNE
trusty_quagga: not-affected (code not present)
trusty/esm_quagga: DNE (trusty was not-affected [code not present])
xenial_quagga: not-affected (code not present)
esm-infra/xenial_quagga: not-affected (code not present)
artful_quagga: released (1.1.1-3ubuntu0.2)
devel_quagga: released (1.2.2-1ubuntu1)