From Secunia security advisory at $URL:

Description:
1) Two errors exist within ospfd. No further information is currently available.
2) An error within the "bgp_open_receive()" function (bgpd/bgp_packet.c) when parsing a peer input stream can be exploited to trigger an assertion and cause a crash.

The vulnerabilities are reported in versions prior to 0.99.20.1.

Solution:
Update to version 0.99.20.1.
CVE-2012-0255 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0255): The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability).

CVE-2012-0250 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0250): Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.

CVE-2012-0249 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0249): Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header.
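The two ospfd entries above (CVE-2012-0249 and CVE-2012-0250) both describe a declared length that exceeds the bytes actually present. The following is an added example, not Quagga's code or its fix, of walking an LS Update body and checking each LSA's Length field against the bytes received before the LSA is used. The names (lsu_validate, the LSU_* codes) are hypothetical, field offsets follow RFC 2328, and the network-LSA minimum (mask plus one attached router) is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LSA_HDR_LEN      20u                     /* OSPFv2 LSA header, RFC 2328 A.4.1 */
#define LSA_TYPE_NETWORK 2u
#define NETWORK_LSA_MIN  (LSA_HDR_LEN + 4u + 4u) /* assumed floor: mask + one router */

enum lsu_status { LSU_OK, LSU_TRUNCATED, LSU_BAD_LSA_LEN, LSU_TRAILING };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* body: bytes after the 24-byte OSPF header; body_len: bytes actually received. */
enum lsu_status lsu_validate(const uint8_t *body, size_t body_len, uint32_t *accepted)
{
    size_t off = 4;                              /* skip the "# LSAs" word */
    uint32_t count, i;

    *accepted = 0;
    if (body_len < 4)
        return LSU_TRUNCATED;
    count = rd32(body);
    for (i = 0; i < count; i++) {
        size_t left = body_len - off;            /* off never exceeds body_len */
        uint16_t len;

        if (left < LSA_HDR_LEN)                  /* no room for another header */
            return LSU_TRUNCATED;
        len = rd16(body + off + 18);             /* declared length, header included */
        if (len < LSA_HDR_LEN || len > left)     /* under a header, or beyond the data */
            return LSU_BAD_LSA_LEN;
        if (body[off + 3] == LSA_TYPE_NETWORK &&
            (len < NETWORK_LSA_MIN || (len - LSA_HDR_LEN) % 4 != 0))
            return LSU_BAD_LSA_LEN;              /* body cannot hold whole 4-byte fields */
        off += len;
        (*accepted)++;
    }
    return off == body_len ? LSU_OK : LSU_TRAILING;
}

int main(void)
{
    uint8_t pkt[4 + 28] = {0};                   /* constructed sample, not a capture */
    uint32_t n;

    pkt[3] = 1; pkt[4 + 3] = LSA_TYPE_NETWORK; pkt[4 + 19] = 28;
    printf("full=%d ", lsu_validate(pkt, sizeof pkt, &n));
    printf("short=%d\n", lsu_validate(pkt, sizeof pkt - 4, &n));
    return 0;
}
```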
CVE-2012-1820 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1820): The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.
0.99.21 is in tree now.

Arches, please test and mark stable:
=net-misc/quagga-0.99.21
Target keywords: alpha amd64 arm hppa ppc s390 sparc x86
Please get rid of USE=logrotate (see bug #198901).
(In reply to comment #4)
> Please get rid of USE=logrotate (see bug #198901).

Fixed that.
Stable for HPPA.
Since there are at least 2 compile failures, I'm wondering how hppa has tested it.
amd64 stable
x86 stable
alpha/arm/s390/sparc stable
ppc stable
Thanks, everyone. GLSA vote: yes.
GLSA Vote: yes, too. New GLSA request filed.
This issue was resolved and addressed in GLSA 201310-08 at http://security.gentoo.org/glsa/glsa-201310-08.xml by GLSA coordinator Sean Amoss (ackle).