Synopsis:     Moderate: quagga security and bug fix update
Advisory ID:  SLSA-2017:0794-1
Issue Date:   2017-03-21
CVE Numbers:  CVE-2013-2236
              CVE-2016-2342
              CVE-2016-4049
              CVE-2016-1245
              CVE-2017-5495
--

Security Fix(es):

* A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service. (CVE-2016-1245)

* A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. (CVE-2016-2342)

* A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. (CVE-2016-4049)

* A denial of service flaw affecting various daemons in Quagga was found. A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash. (CVE-2017-5495)

* A stack-based buffer overflow flaw was found in the way the Quagga OSPFD daemon handled LSA (link-state advertisement) packets. A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service. (CVE-2013-2236)
--

SL6
  x86_64
    quagga-0.99.15-14.el6.x86_64.rpm
    quagga-debuginfo-0.99.15-14.el6.x86_64.rpm
    quagga-contrib-0.99.15-14.el6.x86_64.rpm
    quagga-debuginfo-0.99.15-14.el6.i686.rpm
    quagga-devel-0.99.15-14.el6.i686.rpm
    quagga-devel-0.99.15-14.el6.x86_64.rpm
  i386
    quagga-0.99.15-14.el6.i686.rpm
    quagga-debuginfo-0.99.15-14.el6.i686.rpm
    quagga-contrib-0.99.15-14.el6.i686.rpm
    quagga-devel-0.99.15-14.el6.i686.rpm

- Scientific Linux Development Team