CESA-2017:0794 -- centos 6 quaggaID: oval:org.secpod.oval:def:204692 | Date: (C)2018-04-30 (M)2023-07-28 |
Class: PATCH | Family: unix |
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service. * A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon handled Labeled-VPN SAFI routes data. A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. * A denial of service flaw was found in the Quagga BGP routing daemon . Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. * A denial of service flaw affecting various daemons in Quagga was found. A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash. * A stack-based buffer overflow flaw was found in the way the Quagga OSPFD daemon handled LSA packets. A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.