Amazon Linux 1 Security Advisory: ALAS-2012-70
Advisory Release Date: 2012-04-30 14:55 Pacific
Advisory Updated Date: 2014-09-14 15:49 Pacific
Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.
Affected Packages:
quagga
Issue Correction:
Run yum update quagga to update your system.
i686:
quagga-contrib-0.99.20.1-1.4.amzn1.i686
quagga-0.99.20.1-1.4.amzn1.i686
quagga-devel-0.99.20.1-1.4.amzn1.i686
quagga-debuginfo-0.99.20.1-1.4.amzn1.i686
src:
quagga-0.99.20.1-1.4.amzn1.src
x86_64:
quagga-contrib-0.99.20.1-1.4.amzn1.x86_64
quagga-devel-0.99.20.1-1.4.amzn1.x86_64
quagga-0.99.20.1-1.4.amzn1.x86_64
quagga-debuginfo-0.99.20.1-1.4.amzn1.x86_64