Amazon Linux 1 Security Advisory: ALAS-2012-90
Advisory Release Date: 2012-06-19 16:01 Pacific
Advisory Updated Date: 2014-09-14 16:37 Pacific
The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.
Affected Packages:
quagga
Issue Correction:
Run yum update quagga to update your system.
i686:
quagga-devel-0.99.20.1-1.5.amzn1.i686
quagga-debuginfo-0.99.20.1-1.5.amzn1.i686
quagga-0.99.20.1-1.5.amzn1.i686
quagga-contrib-0.99.20.1-1.5.amzn1.i686
src:
quagga-0.99.20.1-1.5.amzn1.src
x86_64:
quagga-0.99.20.1-1.5.amzn1.x86_64
quagga-debuginfo-0.99.20.1-1.5.amzn1.x86_64
quagga-devel-0.99.20.1-1.5.amzn1.x86_64
quagga-contrib-0.99.20.1-1.5.amzn1.x86_64