Amazon Linux 1 Security Advisory: ALAS-2014-279
Advisory Release Date: 2014-01-14 17:02 Pacific
Advisory Updated Date: 2014-09-16 22:19 Pacific
The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.
Affected Packages:
quagga
Issue Correction:
Run yum update quagga to update your system.
i686:
quagga-devel-0.99.21-6.12.amzn1.i686
quagga-contrib-0.99.21-6.12.amzn1.i686
quagga-0.99.21-6.12.amzn1.i686
quagga-debuginfo-0.99.21-6.12.amzn1.i686
src:
quagga-0.99.21-6.12.amzn1.src
x86_64:
quagga-contrib-0.99.21-6.12.amzn1.x86_64
quagga-0.99.21-6.12.amzn1.x86_64
quagga-debuginfo-0.99.21-6.12.amzn1.x86_64
quagga-devel-0.99.21-6.12.amzn1.x86_64