Support / Security / Advisories / Corporate Server 4.0 / MDKSA-2007:182

Package name: quagga
Date: 2007-09-13
Advisory ID: MDKSA-2007:182
Affected versions: CS4.0 x86_64 , CS4.0 i586

Problem description

The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers
to cause a denial of service crash via a malformed OPEN message or
COMMUNITY attribute.

Updated packages are available that bring Quagga to version 0.99.9
which provides numerous bugfixes over the previous 0.99.3 version,
and also correct this issue.

Updated packages

CS4.0 x86_64

 24474feed270055ce5e5ed096c227e50  corporate/4.0/x86_64/lib64quagga0-0.99.9-0.1.20060mlcs4.x86_64.rpm
 cac13525b2e2935e314fe8a8a0dd1626  corporate/4.0/x86_64/lib64quagga0-devel-0.99.9-0.1.20060mlcs4.x86_64.rpm
 dcb01be5184742e412f99f5fa601f7a7  corporate/4.0/x86_64/quagga-0.99.9-0.1.20060mlcs4.x86_64.rpm
 c8978f69636129050debd2e721bba887  corporate/4.0/x86_64/quagga-contrib-0.99.9-0.1.20060mlcs4.x86_64.rpm 
 5e64b02beff305ba5a37272e13592739  corporate/4.0/SRPMS/quagga-0.99.9-0.1.20060mlcs4.src.rpm

CS4.0 i586

 ab6e0e1d280a6945ce7a5b47d908181c  corporate/4.0/i586/libquagga0-0.99.9-0.1.20060mlcs4.i586.rpm
 f0744b4772d1d15dc5d02d0642e5f0da  corporate/4.0/i586/libquagga0-devel-0.99.9-0.1.20060mlcs4.i586.rpm
 6d5921788f7a5c169f053013fa4dd0c5  corporate/4.0/i586/quagga-0.99.9-0.1.20060mlcs4.i586.rpm
 cde3640e96e96e47384181a940a9e8c1  corporate/4.0/i586/quagga-contrib-0.99.9-0.1.20060mlcs4.i586.rpm 
 5e64b02beff305ba5a37272e13592739  corporate/4.0/SRPMS/quagga-0.99.9-0.1.20060mlcs4.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4826