Source: bird
Version: 1.6.7-1
Severity: grave
Tags: security upstream
Forwarded: http://trubka.network.cz/pipermail/bird-users/2019-September/013718.html
Control: found -1 1.6.6-1

Hi,

The following vulnerability was published for bird.

CVE-2019-16159[0]:
| BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5
| has a stack-based buffer overflow. The BGP daemon's support for RFC
| 8203 administrative shutdown communication messages included an
| incorrect logical expression when checking the validity of an input
| message. Sending a shutdown communication with a sufficient message
| length causes a four-byte overflow to occur while processing the
| message, where two of the overflow bytes are attacker-controlled and
| two are fixed.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-16159
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16159
[1] http://trubka.network.cz/pipermail/bird-users/2019-September/013722.html
[2] http://trubka.network.cz/pipermail/bird-users/2019-September/013720.html
[3] http://trubka.network.cz/pipermail/bird-users/2019-September/013718.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
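The CVE text above says the overflow comes from a length check on an RFC 8203 shutdown communication that used an incorrect logical expression. The example below is added here for illustration; it is not BIRD's code and is not taken from this report or the linked threads. It shows the two independent bounds a parser of that field must enforce before copying into a fixed-size stack buffer: the declared length may not exceed the RFC 8203 maximum of 128 octets, and it may not exceed the bytes actually present in the NOTIFICATION data field. The function and constant names and the sample inputs are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* RFC 8203: the shutdown communication is one length octet followed by
 * 0..128 octets of UTF-8 text, carried in the data field of a BGP
 * NOTIFICATION (Cease / Administrative Shutdown or Administrative Reset). */
#define BGP_SHUTDOWN_MSG_MAX 128

/* Result codes (hypothetical names for this example). */
enum {
    SHUTDOWN_OK = 0,         /* message copied to out, NUL-terminated   */
    SHUTDOWN_NO_DATA = 1,    /* NOTIFICATION carried no communication   */
    SHUTDOWN_BAD_LEN = 2,    /* declared length exceeds the RFC limit   */
    SHUTDOWN_TRUNCATED = 3   /* declared length outruns the packet data */
};

/* Parse the NOTIFICATION data field `data` (`data_len` octets) and copy the
 * shutdown communication into `out`, which must hold BGP_SHUTDOWN_MSG_MAX + 1
 * bytes. Both bounds are checked before any byte is written, so a declared
 * length that fails either one is rejected instead of overflowing `out`. */
int parse_shutdown_communication(const uint8_t *data, size_t data_len,
                                 char *out, size_t out_cap, size_t *out_len)
{
    *out_len = 0;
    if (out_cap < BGP_SHUTDOWN_MSG_MAX + 1)
        return SHUTDOWN_BAD_LEN;                 /* caller passed too small a buffer */
    out[0] = '\0';
    if (data_len == 0)
        return SHUTDOWN_NO_DATA;                 /* length octet itself is absent */

    size_t msg_len = data[0];
    if (msg_len > BGP_SHUTDOWN_MSG_MAX)
        return SHUTDOWN_BAD_LEN;                 /* bound 1: protocol maximum */
    if (msg_len > data_len - 1)
        return SHUTDOWN_TRUNCATED;               /* bound 2: bytes actually received */

    memcpy(out, data + 1, msg_len);              /* safe: msg_len <= 128 and <= available */
    out[msg_len] = '\0';
    *out_len = msg_len;
    return SHUTDOWN_OK;
}

/* Constructed sample data fields (not captured traffic). */
static const uint8_t SAMPLE_OK[]        = { 5, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t SAMPLE_OVERSIZE[]  = { 200, 'x', 'x', 'x' };
static const uint8_t SAMPLE_TRUNCATED[] = { 10, 'a', 'b', 'c' };

/* Run the parser on a sample with a correctly sized stack buffer. */
int check_sample(const uint8_t *data, size_t data_len)
{
    char out[BGP_SHUTDOWN_MSG_MAX + 1];
    size_t n = 0;
    return parse_shutdown_communication(data, data_len, out, sizeof out, &n);
}

/* Build a data field whose declared length matches its payload exactly and
 * return the parser's verdict; 128 must pass, 129 must be rejected. */
int check_boundary(uint8_t declared)
{
    uint8_t buf[256];
    buf[0] = declared;
    memset(buf + 1, 'A', declared);
    return check_sample(buf, (size_t)declared + 1);
}

int main(void)
{
    printf("ok=%d oversize=%d truncated=%d max=%d max+1=%d\n",
           check_sample(SAMPLE_OK, sizeof SAMPLE_OK),
           check_sample(SAMPLE_OVERSIZE, sizeof SAMPLE_OVERSIZE),
           check_sample(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED),
           check_boundary(128), check_boundary(129));
    return 0;
}
```

The point of the example is that the two conditions are separate failures and each must reject on its own; a check that only fires when both fail, or that compares the wrong pair of values, lets a declared length past the fixed-size buffer. A production parser would additionally verify the payload is well-formed UTF-8 before logging it, which this example leaves out.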