Synopsis: Moderate: quagga security update
Issue date: 2010-12-06
CVE Names: CVE-2010-2948 CVE-2010-2949

A stack-based buffer overflow flaw was found in the way the Quagga bgpd daemon processed certain BGP Route Refresh (RR) messages. A configured BGP peer could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. (CVE-2010-2948)

Note: On Scientific Linux 6 it is not possible to exploit CVE-2010-2948 to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE.

A NULL pointer dereference flaw was found in the way the Quagga bgpd daemon parsed the paths of autonomous systems (AS). A configured BGP peer could crash bgpd on a target system via a specially-crafted BGP message. (CVE-2010-2949)

After installing the updated packages, the bgpd daemon must be restarted for the update to take effect.

SL 6.x

SRPMS:
quagga-0.99.15-5.el6_0.1.src.rpm

i386:
quagga-0.99.15-5.el6_0.1.i686.rpm
quagga-contrib-0.99.15-5.el6_0.1.i686.rpm
quagga-devel-0.99.15-5.el6_0.1.i686.rpm

x86_64:
quagga-0.99.15-5.el6_0.1.x86_64.rpm
quagga-contrib-0.99.15-5.el6_0.1.x86_64.rpm
quagga-devel-0.99.15-5.el6_0.1.i686.rpm
quagga-devel-0.99.15-5.el6_0.1.x86_64.rpm

-Connie Sieh
-Troy Dawson