From the oss-security mailing list at $URL:
Marco d'Itri in Debian bug [1] has reported the following deficiency, being present in 0.99.21 and possibly earlier versions of the Quagga routing suite:
A denial of service flaw was found in the way Quagga's ospf6d daemon performed routes removal. In certain circumstances when removing the route the ospf6d daemon terminated with assertion failure when trying to determine / find, which route to remove. An OSPF6 router could use this flaw to cause ospf6d on an adjacent router to abort.
References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693102
[2] https://bugzilla.redhat.com/show_bug.cgi?id=876197
Upstream bug report:
[3] https://bugzilla.quagga.net/show_bug.cgi?id=747
This issue is not fixed with 0.99.22, as upstream says
still not fixed in 0.99.24.1 :-(
@maintainers is this bug stable? Can we send to glsa?
Mike Boyle, Security Padawan
No, this is still not fixed upstream
Still nothing from the original reporter following multiple releases of quagga and questions from upstream. Upstream is unable to produce still. Minimal security impact.