ASA-201712-7 log generated external raw

[ASA-201712-7] quagga: denial of service
Arch Linux Security Advisory ASA-201712-7 ========================================= Severity: Medium Date : 2017-12-13 CVE-ID : CVE-2017-16227 Package : quagga Type : denial of service Remote : Yes Link : Summary ======= The package quagga before version 1.2.2-1 is vulnerable to denial of service. Resolution ========== Upgrade to 1.2.2-1. # pacman -Syu "quagga>=1.2.2-1" The problem has been fixed upstream in version 1.2.2. Workaround ========== None. Description =========== A denial of service flaw was found in the way the bgpd daemon in quagga before 1.2.2 handled the processing of large BGP update messages. A remote, previously trusted attacker could potentially use this flaw to cause bgpd to terminate existing BGP sessions, thereby leading to denial of service. Impact ====== A remote previously trusted attacker is able to crash quagga with a maliciously crafted message. References ==========