Synopsis:    Moderate: quagga security update
Issue date:  2011-03-31
CVE Names:   CVE-2010-1674 CVE-2010-1675

A denial of service flaw was found in the way the Quagga bgpd daemon
processed certain route metrics information. A BGP message with a
specially-crafted path limit attribute would cause the bgpd daemon to reset
its session with the peer through which this message was received.
(CVE-2010-1675)

A NULL pointer dereference flaw was found in the way the Quagga bgpd daemon
processed malformed route extended communities attributes. A configured BGP
peer could crash bgpd on a target system via a specially-crafted BGP
message. (CVE-2010-1674)

After installing the updated packages, the bgpd daemon must be restarted
for the update to take effect.

SL 6.x

  SRPMS:
quagga-0.99.15-5.el6_0.2.src.rpm

  i386:
quagga-0.99.15-5.el6_0.2.i686.rpm
quagga-contrib-0.99.15-5.el6_0.2.i686.rpm
quagga-devel-0.99.15-5.el6_0.2.i686.rpm

  x86_64:
quagga-0.99.15-5.el6_0.2.x86_64.rpm
quagga-contrib-0.99.15-5.el6_0.2.x86_64.rpm
quagga-devel-0.99.15-5.el6_0.2.i686.rpm
quagga-devel-0.99.15-5.el6_0.2.x86_64.rpm

-Connie Sieh
-Troy Dawson
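
An added example, not part of the advisory: a fleet check that flags hosts whose quagga packages are older than the fixed build 0.99.15-5.el6_0.2 listed above. It assumes inventory lines of the form "<host> <name> <version> <release>" (for instance collected with rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' and the host name prepended), packages without an epoch, and a simplified RPM version comparison that omits the tilde and caret rules; the host names and sample lines are constructed.

```python
import re

# Fixed build for SL 6.x, taken from the advisory's package list.
FIXED_VERSION, FIXED_RELEASE = "0.99.15", "5.el6_0.2"
PACKAGES = {"quagga", "quagga-contrib", "quagga-devel"}

def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1 (tilde/caret rules omitted)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)   # separators such as . _ - are skipped
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(version, release):
    """True if version-release is at or above the advisory's fixed build."""
    c = rpmvercmp(version, FIXED_VERSION)
    return c > 0 or (c == 0 and rpmvercmp(release, FIXED_RELEASE) >= 0)

def unpatched(rpm_lines):
    """Return (host, name, version-release) for quagga packages below the fix."""
    hits = []
    for line in rpm_lines:
        host, name, version, release = line.split()
        if name in PACKAGES and not is_fixed(version, release):
            hits.append((host, name, f"{version}-{release}"))
    return hits

# Constructed inventory lines: "<host> <name> <version> <release>"
SAMPLE = [
    "rtr-a quagga 0.99.15 5.el6_0.2",
    "rtr-b quagga 0.99.15 5.el6",
    "rtr-b quagga-devel 0.99.15 5.el6_0.1",
    "rtr-c quagga 0.99.15 7.el6_3.2",
    "rtr-c bash 4.1.2 15.el6",
]

if __name__ == "__main__":
    for host, name, vr in unpatched(SAMPLE):
        print(f"{host}: {name}-{vr} is older than {FIXED_VERSION}-{FIXED_RELEASE}")
```

A host that passes this check still runs the old code until bgpd has been restarted, as the advisory notes.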