MDVSA-2011:058
- Package name
- quagga
- Date
- 2011-04-01
- Advisory ID
- MDVSA-2011:058
- Affected versions
- CS4.0 x86_64 , CS4.0 i586
Problem description
Multiple vulnerabilities has been identified and fixed in quagga:
The extended-community parser in bgpd in Quagga before 0.99.18 allows
remote attackers to cause a denial of service (NULL pointer dereference
and application crash) via a malformed Extended Communities attribute
(CVE-2010-1674).
bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial
of service (session reset) via a malformed AS_PATHLIMIT path attribute
(CVE-2010-1675).
Updated packages are available that bring Quagga to version 0.99.18
which provides numerous bugfixes over the previous 0.99.17 version,
and also corrects these issues.
Updated packages
CS4.0 x86_64
130cac8e86e6bb41e8139ea53fb5bd35 corporate/4.0/x86_64/lib64quagga0-0.99.18-0.1.20060mlcs4.x86_64.rpm f7074a145d6742523470aadc450eeda2 corporate/4.0/x86_64/lib64quagga0-devel-0.99.18-0.1.20060mlcs4.x86_64.rpm d9e5ac8f09fc897d1f2fa113c4801b79 corporate/4.0/x86_64/quagga-0.99.18-0.1.20060mlcs4.x86_64.rpm 1ca735918f1126b00b64e1433d2dc85d corporate/4.0/x86_64/quagga-contrib-0.99.18-0.1.20060mlcs4.x86_64.rpm 64b55fea4af3b02837266cc9e5162841 corporate/4.0/SRPMS/quagga-0.99.18-0.1.20060mlcs4.src.rpm
CS4.0 i586
87b588dee68e7b87d505e9d3953a279c corporate/4.0/i586/libquagga0-0.99.18-0.1.20060mlcs4.i586.rpm 818e4b52aca03cb083aec7486630964c corporate/4.0/i586/libquagga0-devel-0.99.18-0.1.20060mlcs4.i586.rpm fb9f8c521a536d0b92cb8f070a80ad83 corporate/4.0/i586/quagga-0.99.18-0.1.20060mlcs4.i586.rpm b62e56494540a8dc9de806e59150d3f3 corporate/4.0/i586/quagga-contrib-0.99.18-0.1.20060mlcs4.i586.rpm 64b55fea4af3b02837266cc9e5162841 corporate/4.0/SRPMS/quagga-0.99.18-0.1.20060mlcs4.src.rpm