[cumulus-security-announce] Cumulus Networks Security Advisory (CVE-2017-15865)

Cumulus Networks Security Announcements cumulus-security-announce at lists.cumulusnetworks.com
Mon Nov 6 17:48:51 PST 2017


-------------------------------------------------------------------------
Cumulus Networks® Security Advisory
2017-November-5
-------------------------------------------------------------------------

CVE ID: CVE-2017-15865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15865

Description: Malformed BGP UPDATE triggers information disclosure.

Thehttp://repo3.cumulusnetworks.com  repository was updated with the
latest security advisory.

We recommend that you upgrade Cumulus Linux and Cumulus RMP.

For instructions on how to apply the latest security upgrades, please
refer to this Help Center article:
https://support.cumulusnetworks.com/hc/en-us/articles/115014754307#rn690

Regarding previous Debian security upgrades for Cumulus Linux and
Cumulus RMP: The Cumulus Linux and Cumulus RMP binary images by default
include all Debian security updates available prior to the build date.

The Cumulus Linux and Cumulus RMP image files use the following naming
format: <X.Y.Z release>-<md5sum>-<build date>-final.

Customers can identify security vulnerabilities by correlating a build
date with the dates of Debian security updates posted at
http://www.debian.org/security/.

If you have any questions, please contact us atsupport at cumulusnetworks.com.

The Cumulus Networks Team


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cumulusnetworks.com/pipermail/cumulus-security-announce/attachments/20171106/b4e68ae9/attachment.html>


More information about the cumulus-security-announce mailing list