Advisories » MGASA-2013-0310

Updated quagga packages fix CVE-2013-2236

Publication date: 17 Oct 2013
Modification date: 17 Oct 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-2236

Description

Updated quagga packages fix security vulnerability:

Remotely exploitable buffer overflow in ospf_api.c and ospfclient.c when
processing LSA messages in quagga before 0.99.22.2 (CVE-2013-2236).

Note: We have worked around this vulnerability by disabling the ospf_api
and ospfclient features, which did not provide useful functionality.
                

References

• http://lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html
• http://www.gentoo.org/security/en/glsa/glsa-201310-08.xml
• https://bugs.mageia.org/show_bug.cgi?id=11433
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2236

SRPMS

2/core

• quagga-0.99.20.1-3.2.mga2

3/core

• quagga-0.99.20.1-9.1.mga3