ALAS-2014-279


Amazon Linux 1 Security Advisory: ALAS-2014-279
Advisory Release Date: 2014-01-14 17:02 Pacific
Advisory Updated Date: 2014-09-16 22:19 Pacific
Severity: Medium

Issue Overview:

The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.


Affected Packages:

quagga


Issue Correction:
Run yum update quagga to update your system.

New Packages:
i686:
    quagga-devel-0.99.21-6.12.amzn1.i686
    quagga-contrib-0.99.21-6.12.amzn1.i686
    quagga-0.99.21-6.12.amzn1.i686
    quagga-debuginfo-0.99.21-6.12.amzn1.i686

src:
    quagga-0.99.21-6.12.amzn1.src

x86_64:
    quagga-contrib-0.99.21-6.12.amzn1.x86_64
    quagga-0.99.21-6.12.amzn1.x86_64
    quagga-debuginfo-0.99.21-6.12.amzn1.x86_64
    quagga-devel-0.99.21-6.12.amzn1.x86_64