MGASA-2012-0107-2
| Date: | June 10th, 2012 |
| Affected releases: | 1 |
Description:
Updated quagga packages fix security vulnerabilities:
Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c
in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows
remote attackers to cause a denial of service (assertion failure and
daemon exit) via a Link State Update (aka LS Update) packet that is
smaller than the length specified in its header (CVE-2012-0249).
Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before
0.99.20.1 allows remote attackers to cause a denial of service (daemon
crash) via a Link State Update (aka LS Update) packet containing a
network-LSA link-state advertisement for which the data-structure length
is smaller than the value in the Length header field (CVE-2012-0250).
The BGP implementation in bgpd in Quagga before 0.99.20.1 does not
properly use message buffers for OPEN messages, which allows remote
attackers to cause a denial of service (assertion failure and daemon
exit) via a message associated with a malformed Four-octet AS Number
Capability (aka AS4 capability) (CVE-2012-0255).
UPDATE:
This advisory is updated to correct text errors that incorrectly
listed the updated packages as affected ones.
Updated Packages:
quagga-0.99.18-1.2.mga1
quagga-contrib-0.99.18-1.2.mga1
lib(64)quagga0-0.99.18-1.2.mga1
lib(64)quagga-devel-0.99.18-1.2.mga1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0255
http://www.kb.cert.org/vuls/id/551715
https://bugzilla.quagga.net/show_bug.cgi?id=705
https://bugs.mageia.org/show_bug.cgi?id=5108
