ALAS-2012-070


Amazon Linux 1 Security Advisory: ALAS-2012-70
Advisory Release Date: 2012-04-30 14:55 Pacific
Advisory Updated Date: 2014-09-14 15:49 Pacific
Severity: Medium

Issue Overview:

Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.


Affected Packages:

quagga


Issue Correction:
Run yum update quagga to update your system.

New Packages:
i686:
    quagga-contrib-0.99.20.1-1.4.amzn1.i686
    quagga-0.99.20.1-1.4.amzn1.i686
    quagga-devel-0.99.20.1-1.4.amzn1.i686
    quagga-debuginfo-0.99.20.1-1.4.amzn1.i686

src:
    quagga-0.99.20.1-1.4.amzn1.src

x86_64:
    quagga-contrib-0.99.20.1-1.4.amzn1.x86_64
    quagga-devel-0.99.20.1-1.4.amzn1.x86_64
    quagga-0.99.20.1-1.4.amzn1.x86_64
    quagga-debuginfo-0.99.20.1-1.4.amzn1.x86_64