Package name
quagga
Date
2013-10-18
Advisory ID
MDVSA-2013:254
Affected versions
MBS1 x86_64

Problem description

Updated quagga packages fix security vulnerability:

Remotely exploitable buffer overflow in ospf_api.c and ospfclient.c
when processing LSA messages in quagga before 0.99.22.2
(CVE-2013-2236).

Note: We have worked around this vulnerability by disabling the
ospf_api and ospfclient features, which did not provide useful
functionality.

Updated packages

MBS1 x86_64

 8c751a0311cd7654f4899300144e7351  mbs1/x86_64/lib64quagga0-0.99.20.1-4.2.mbs1.x86_64.rpm
 08329e6630d02e97286a2f9fe8177129  mbs1/x86_64/lib64quagga-devel-0.99.20.1-4.2.mbs1.x86_64.rpm
 e922a4b95ff082292b0df477645004f7  mbs1/x86_64/quagga-0.99.20.1-4.2.mbs1.x86_64.rpm
 05d43b0bdadb568ea8709f041abb7174  mbs1/x86_64/quagga-contrib-0.99.20.1-4.2.mbs1.x86_64.rpm 
 91fc66bff311ceb33412289f8b82490a  mbs1/SRPMS/quagga-0.99.20.1-4.2.mbs1.src.rpm

References