{ "schema_version": "1.7.0", "id": "MGASA-2013-0310", "published": "2013-10-17T19:40:12Z", "modified": "2013-10-17T19:40:07Z", "summary": "Updated quagga packages fix CVE-2013-2236", "details": "Updated quagga packages fix security vulnerability:\n\nRemotely exploitable buffer overflow in ospf_api.c and ospfclient.c when\nprocessing LSA messages in quagga before 0.99.22.2 (CVE-2013-2236).\n\nNote: We have worked around this vulnerability by disabling the ospf_api\nand ospfclient features, which did not provide useful functionality.\n", "upstream": [ "CVE-2013-2236" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2013-0310.html" }, { "type": "WEB", "url": "http://lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html" }, { "type": "WEB", "url": "http://www.gentoo.org/security/en/glsa/glsa-201310-08.xml" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=11433" } ], "affected": [ { "package": { "ecosystem": "Mageia:2", "name": "quagga", "purl": "pkg:rpm/mageia/quagga?arch=source&distro=mageia-2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.99.20.1-3.2.mga2" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "quagga", "purl": "pkg:rpm/mageia/quagga?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.99.20.1-9.1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }