B0;115;0cOn Thu, Jun 07, 2018 at 08:27:22PM +0200, Ondrej Zajicek wrote:
> On Thu, Jun 07, 2018 at 01:37:04PM +0200, Jonas Meurer wrote:
> > Source: bird
> > Version: 1.6.3-2
> > Severity: critical
> > Tags: security
> >
> > According to the upstream website[1] and changelog[2], bird release 1.6.4
> > includes an "important security bugfix".
>
> Hi
>
> It is an security bugfix, but perhaps not so critical, it can be
> exploited in very specific circumstances and probably only as a DoS,
> not as a privilege escalation.
I'm not familiar with bird, so we could use help insight to assess the
scope of the issue:
Could you please elaborate what these circumstances are? Like, who's
able to trigger a crash, does it affect only specific setups/conditions?
Cheers,
Moritz
