ALAS-2012-090


Amazon Linux AMI Security Advisory: ALAS-2012-90
Advisory Release Date: 2014-09-14 16:37 Pacific
Severity: Low
References: CVE-2012-1820 

Issue Overview:

The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.


Affected Packages:

quagga


Issue Correction:
Run yum update quagga to update your system.

New Packages:
i686:
    quagga-devel-0.99.20.1-1.5.amzn1.i686
    quagga-debuginfo-0.99.20.1-1.5.amzn1.i686
    quagga-0.99.20.1-1.5.amzn1.i686
    quagga-contrib-0.99.20.1-1.5.amzn1.i686

src:
    quagga-0.99.20.1-1.5.amzn1.src

x86_64:
    quagga-0.99.20.1-1.5.amzn1.x86_64
    quagga-debuginfo-0.99.20.1-1.5.amzn1.x86_64
    quagga-devel-0.99.20.1-1.5.amzn1.x86_64
    quagga-contrib-0.99.20.1-1.5.amzn1.x86_64