quagga (SL6)

Synopsis: Moderate: quagga security and bug fix update
Advisory ID: SLSA-2017:0794-1
Issue Date: 2017-03-21
CVE Numbers: CVE-2013-2236, CVE-2016-2342, CVE-2016-4049, CVE-2016-1245, CVE-2017-5495

Security Fix(es):

* A stack-based buffer overflow flaw was found in the way Quagga handled
IPv6 router advertisement messages. A remote attacker could use this flaw
to crash the zebra daemon resulting in denial of service. (CVE-2016-1245)

* A stack-based buffer overflow flaw was found in the way the Quagga BGP
routing daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote
attacker could use this flaw to crash the bgpd daemon resulting in denial
of service. (CVE-2016-2342)

* A denial of service flaw was found in the Quagga BGP routing daemon
(bgpd). Under certain circumstances, a remote attacker could send a
crafted packet to crash the bgpd daemon resulting in denial of service.
(CVE-2016-4049)

* A denial of service flaw affecting various daemons in Quagga was found.
A remote attacker could use this flaw to cause the various Quagga daemons,
which expose their telnet interface, to crash. (CVE-2017-5495)

* A stack-based buffer overflow flaw was found in the way the Quagga OSPFD
daemon handled LSA (link-state advertisement) packets. A remote attacker
could use this flaw to crash the ospfd daemon resulting in denial of
service. (CVE-2013-2236)

SL6
  x86_64
    quagga-0.99.15-14.el6.x86_64.rpm
    quagga-debuginfo-0.99.15-14.el6.x86_64.rpm
    quagga-contrib-0.99.15-14.el6.x86_64.rpm
    quagga-debuginfo-0.99.15-14.el6.i686.rpm
    quagga-devel-0.99.15-14.el6.i686.rpm
    quagga-devel-0.99.15-14.el6.x86_64.rpm
  i386
    quagga-0.99.15-14.el6.i686.rpm
    quagga-debuginfo-0.99.15-14.el6.i686.rpm
    quagga-contrib-0.99.15-14.el6.i686.rpm
    quagga-devel-0.99.15-14.el6.i686.rpm

– Scientific Linux Development Team