Advisories ยป MGASA-2013-0310

Updated quagga packages fix CVE-2013-2236

Publication date: 17 Oct 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-2236

Description

Updated quagga packages fix security vulnerability:

Remotely exploitable buffer overflow in ospf_api.c and ospfclient.c when
processing LSA messages in quagga before 0.99.22.2 (CVE-2013-2236).

Note: We have worked around this vulnerability by disabling the ospf_api
and ospfclient features, which did not provide useful functionality.
                

References

SRPMS

2/core

3/core