MGASA-2012-0133
Date: | June 27th, 2012 |
Affected releases: | 1, 2 |
Description:
Updated quagga package fixes security vulnerability:
The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and
earlier allows remote attackers to cause a denial of service
(assertion failure and daemon exit) by leveraging a BGP peering
relationship and sending a malformed Outbound Route Filtering (ORF)
capability TLV in an OPEN message (CVE-2012-1820).
Updated Packages:
Mageia 1:
quagga-0.99.18-1.3.mga1
quagga-contrib-0.99.18-1.3.mga1
lib(64)quagga0-0.99.18-1.3.mga1
lib(64)quagga-devel-0.99.18-1.3.mga1
Mageia 2:
quagga-0.99.20.1-3.1.mga2
quagga-contrib-0.99.20.1-3.1.mga2
lib(64)quagga0-0.99.20.1-3.1.mga2
lib(64)quagga-devel-0.99.20.1-3.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1820
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082500.html
https://bugs.mageia.org/show_bug.cgi?id=6512