Skip to navigation

Security Advisory Moderate: quagga security update

Advisory: RHSA-2012:1258-1
Type: Security Advisory
Severity: Moderate
Issued on: 2012-09-12
Last updated on: 2012-09-12
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2010-1674
CVE-2011-3323
CVE-2011-3324
CVE-2011-3325
CVE-2011-3326
CVE-2011-3327
CVE-2012-0249
CVE-2012-0250

Details

Updated quagga packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon
implements the BGP (Border Gateway Protocol) routing protocol. The Quagga
ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First)
routing protocol.

A heap-based buffer overflow flaw was found in the way the bgpd daemon
processed malformed Extended Communities path attributes. An attacker could
send a specially-crafted BGP message, causing bgpd on a target system to
crash or, possibly, execute arbitrary code with the privileges of the user
running bgpd. The UPDATE message would have to arrive from an explicitly
configured BGP peer, but could have originated elsewhere in the BGP
network. (CVE-2011-3327)

A NULL pointer dereference flaw was found in the way the bgpd daemon
processed malformed route Extended Communities attributes. A configured
BGP peer could crash bgpd on a target system via a specially-crafted BGP
message. (CVE-2010-1674)

A stack-based buffer overflow flaw was found in the way the ospf6d daemon
processed malformed Link State Update packets. An OSPF router could use
this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)

A flaw was found in the way the ospf6d daemon processed malformed link
state advertisements. An OSPF neighbor could use this flaw to crash
ospf6d on a target system. (CVE-2011-3324)

A flaw was found in the way the ospfd daemon processed malformed Hello
packets. An OSPF neighbor could use this flaw to crash ospfd on a
target system. (CVE-2011-3325)

A flaw was found in the way the ospfd daemon processed malformed link state
advertisements. An OSPF router in the autonomous system could use this flaw
to crash ospfd on a target system. (CVE-2011-3326)

An assertion failure was found in the way the ospfd daemon processed
certain Link State Update packets. An OSPF router could use this flaw to
cause ospfd on an adjacent router to abort. (CVE-2012-0249)

A buffer overflow flaw was found in the way the ospfd daemon processed
certain Link State Update packets. An OSPF router could use this flaw to
crash ospfd on an adjacent router. (CVE-2012-0250)

Red Hat would like to thank CERT-FI for reporting CVE-2011-3327,
CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the
CERT/CC for reporting CVE-2012-0249 and CVE-2012-0250. CERT-FI acknowledges
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS
project as the original reporters of CVE-2011-3327, CVE-2011-3323,
CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges
Martin Winter at OpenSourceRouting.org as the original reporter of
CVE-2012-0249 and CVE-2012-0250.

Users of quagga should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the bgpd, ospfd, and ospf6d daemons will be restarted
automatically.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
quagga-0.98.6-7.el5_8.1.src.rpm
File outdated by:  RHBA-2013:0050
    MD5: 9aee603eb265c60823a971a91793548f
SHA-256: c559133b918c14cbeea54b527bddc6a9ef771528d02f405da1677cb90ca389cd
 
IA-32:
quagga-0.98.6-7.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0050
    MD5: 2bb39cabd16c686cdac580440f5e73e3
SHA-256: 0396d793c76964a42b1ddef32f5060c2be26440c086bb2094644b61a05fb6905
quagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0050
    MD5: 96eff02fd9360ffccc1b53289f735286
SHA-256: 9649f6395432a2e7815e0e3bd2fd32cc9a03d3e282c51592acaa22b7c4ed6325
quagga-devel-0.98.6-7.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0050
    MD5: d8c76c62dddb2ff303b31ae76a694951
SHA-256: e774a9b877bab6453c67f9d28e7c4212f14f03d17cc73182f9849931bb7731d9
 
x86_64:
quagga-0.98.6-7.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0050
    MD5: 799ee148717d3c7d201af043a961e6cd
SHA-256: 2b5aab3716a648710993047b9ffcbcb89634b20454d797d75adad45cf24bc6e9
quagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0050
    MD5: 96eff02fd9360ffccc1b53289f735286
SHA-256: 9649f6395432a2e7815e0e3bd2fd32cc9a03d3e282c51592acaa22b7c4ed6325
quagga-debuginfo-0.98.6-7.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0050
    MD5: 1dda68c6bd0a0b25cf06f674900b99d2
SHA-256: 27d295b8daba80b8e8880a0294534cac3cc8fae06aec281508d7bd04517796c7
quagga-devel-0.98.6-7.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0050
    MD5: d8c76c62dddb2ff303b31ae76a694951
SHA-256: e774a9b877bab6453c67f9d28e7c4212f14f03d17cc73182f9849931bb7731d9
quagga-devel-0.98.6-7.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0050
    MD5: 7c95a926622a2dadfea6d9f49984896f
SHA-256: c0f000a30b70c7d5061b9b09ce3447f8482f59e04bc9526b64ebf34e68afdbed
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
quagga-0.98.6-7.el5_8.1.src.rpm
File outdated by:  RHBA-2013:0050
    MD5: 9aee603eb265c60823a971a91793548f
SHA-256: c559133b918c14cbeea54b527bddc6a9ef771528d02f405da1677cb90ca389cd
 
IA-32:
quagga-0.98.6-7.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0050
    MD5: 2bb39cabd16c686cdac580440f5e73e3
SHA-256: 0396d793c76964a42b1ddef32f5060c2be26440c086bb2094644b61a05fb6905
quagga-contrib-0.98.6-7.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0050
    MD5: 22e59e5dd68c93c84337e139958dddc7
SHA-256: c8106d0a0a6d94e4af49ed12b31d5f726a80e24e0947ac9c925ebc9cd623223e
quagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0050
    MD5: 96eff02fd9360ffccc1b53289f735286
SHA-256: 9649f6395432a2e7815e0e3bd2fd32cc9a03d3e282c51592acaa22b7c4ed6325
quagga-devel-0.98.6-7.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0050
    MD5: d8c76c62dddb2ff303b31ae76a694951
SHA-256: e774a9b877bab6453c67f9d28e7c4212f14f03d17cc73182f9849931bb7731d9
 
IA-64:
quagga-0.98.6-7.el5_8.1.ia64.rpm
File outdated by:  RHBA-2013:0050
    MD5: d1cdc1414c2e12f26eabd31d902659bb
SHA-256: f837c40b0b8938e42bac3de8624a2f0cd6d091cb38a0ca3dd248f9c180a91eeb
quagga-contrib-0.98.6-7.el5_8.1.ia64.rpm
File outdated by:  RHBA-2013:0050
    MD5: a3eba3ebf5ca3513b5bfa845b386a1bb
SHA-256: 55bdda499ea58b3ae5cc63c2627bdb0fa53dd8bce19e4e7cf58641574d06848f
quagga-debuginfo-0.98.6-7.el5_8.1.ia64.rpm
File outdated by:  RHBA-2013:0050
    MD5: 076d29713a2db6d74317f74c3853c3fb
SHA-256: c7503c1d680304bca6180bfeacf502e5652c090ecd74fb2fb68bd8bb766db149
quagga-devel-0.98.6-7.el5_8.1.ia64.rpm
File outdated by:  RHBA-2013:0050
    MD5: 1a34523aee36e7c6e82f1185ea6a1a37
SHA-256: 7584c1ada35f3fa9b1bc35936fbae38dd08d399c30a0e8bb61a7f7d6f029961d
 
PPC:
quagga-0.98.6-7.el5_8.1.ppc.rpm
File outdated by:  RHBA-2013:0050
    MD5: e15cec127d3a8bca1870b0e486357030
SHA-256: 1854b9353be7205b94a8136aee1ef5525fc334b744f107a698d36280fd22d0e9
quagga-contrib-0.98.6-7.el5_8.1.ppc.rpm
File outdated by:  RHBA-2013:0050
    MD5: 641b6604e37813ab0758c4fef2529ba2
SHA-256: c7ebe2fb9c74253623bf6c452ef2e10cdf57d7d10880a920fdfde4115b5a5868
quagga-debuginfo-0.98.6-7.el5_8.1.ppc.rpm
File outdated by:  RHBA-2013:0050
    MD5: 3089807ce9fea1daf3d823fdc1e2bd78
SHA-256: bcecaef2b7d6340efdf5308ee92050d8a0a82e042da47505832f1c90c5ea8ce0
quagga-debuginfo-0.98.6-7.el5_8.1.ppc64.rpm
File outdated by:  RHBA-2013:0050
    MD5: f5466895b5d05adf6b2d5b8d5e44ce90
SHA-256: 3cb36c1b3d632a48d44017f939fd6795c736aaf6e47f4b3f21e60eb98af28082
quagga-devel-0.98.6-7.el5_8.1.ppc.rpm
File outdated by:  RHBA-2013:0050
    MD5: ddc39c7f64df7d1a6c63c28302e15ad9
SHA-256: f5d8b52c963b5a6bbb3ad73d3213038655fdc80129b49ca1258ffeba4d03a69d
quagga-devel-0.98.6-7.el5_8.1.ppc64.rpm
File outdated by:  RHBA-2013:0050
    MD5: 3f86623d3eb3eccc8a501713f876bf32
SHA-256: 632f1cfd7ba33d048db9fba6d55f32357acad3a2815a3db02d82e44577691b06
 
s390x:
quagga-0.98.6-7.el5_8.1.s390x.rpm
File outdated by:  RHBA-2013:0050
    MD5: 074923698b48f877a90a3c8e304869fe
SHA-256: c593132055d691480cdda2ca781d8f1baff8d1d418f1f4e5ad72002d36be7c3b
quagga-contrib-0.98.6-7.el5_8.1.s390x.rpm
File outdated by:  RHBA-2013:0050
    MD5: 7f6600d296ae4073c0a04ee00f003d1b
SHA-256: 8016f7a9585497c75a07f9b7d2a5abcf6853dddf3b39bda52c1b57cf5dfba416
quagga-debuginfo-0.98.6-7.el5_8.1.s390.rpm
File outdated by:  RHBA-2013:0050
    MD5: 044e17a92d8f3c7ec4f6a30d25f4c638
SHA-256: 1acc5b043a428a8206979af23bc4d13799f1bc13a9dee09d01a5b328738e8a27
quagga-debuginfo-0.98.6-7.el5_8.1.s390x.rpm
File outdated by:  RHBA-2013:0050
    MD5: 329253610b538b03c88630508210d662
SHA-256: dc73945b764f9d0b6e3e08f2d5fb922dc4963f7bcda5ce34f26ed60739946082
quagga-devel-0.98.6-7.el5_8.1.s390.rpm
File outdated by:  RHBA-2013:0050
    MD5: 969991ed80fea0e81a978fb62d25fb1d
SHA-256: 1699b05f533afcbf639adc24bb775c71aa06a7fc0a49b0c0e9ba5e1a23a7393f
quagga-devel-0.98.6-7.el5_8.1.s390x.rpm
File outdated by:  RHBA-2013:0050
    MD5: 310a4519c01d4226a28ede489287cbfc
SHA-256: 4c15ab5017a898a0f936750f3ac12498f1396486595f334107a6f76ab1ccacbe
 
x86_64:
quagga-0.98.6-7.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0050
    MD5: 799ee148717d3c7d201af043a961e6cd
SHA-256: 2b5aab3716a648710993047b9ffcbcb89634b20454d797d75adad45cf24bc6e9
quagga-contrib-0.98.6-7.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0050
    MD5: 27fbc9270a467cf0856b8bc0bab9514e
SHA-256: 360eec698c9766a78651fc5a64eff18e37477de8504dbc56e0359a74b1b001e5
quagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0050
    MD5: 96eff02fd9360ffccc1b53289f735286
SHA-256: 9649f6395432a2e7815e0e3bd2fd32cc9a03d3e282c51592acaa22b7c4ed6325
quagga-debuginfo-0.98.6-7.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0050
    MD5: 1dda68c6bd0a0b25cf06f674900b99d2
SHA-256: 27d295b8daba80b8e8880a0294534cac3cc8fae06aec281508d7bd04517796c7
quagga-devel-0.98.6-7.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0050
    MD5: d8c76c62dddb2ff303b31ae76a694951
SHA-256: e774a9b877bab6453c67f9d28e7c4212f14f03d17cc73182f9849931bb7731d9
quagga-devel-0.98.6-7.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0050
    MD5: 7c95a926622a2dadfea6d9f49984896f
SHA-256: c0f000a30b70c7d5061b9b09ce3447f8482f59e04bc9526b64ebf34e68afdbed
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
quagga-0.98.6-7.el5_8.1.src.rpm
File outdated by:  RHBA-2013:0050
    MD5: 9aee603eb265c60823a971a91793548f
SHA-256: c559133b918c14cbeea54b527bddc6a9ef771528d02f405da1677cb90ca389cd
 
IA-32:
quagga-contrib-0.98.6-7.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0050
    MD5: 22e59e5dd68c93c84337e139958dddc7
SHA-256: c8106d0a0a6d94e4af49ed12b31d5f726a80e24e0947ac9c925ebc9cd623223e
quagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0050
    MD5: 96eff02fd9360ffccc1b53289f735286
SHA-256: 9649f6395432a2e7815e0e3bd2fd32cc9a03d3e282c51592acaa22b7c4ed6325
 
x86_64:
quagga-contrib-0.98.6-7.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0050
    MD5: 27fbc9270a467cf0856b8bc0bab9514e
SHA-256: 360eec698c9766a78651fc5a64eff18e37477de8504dbc56e0359a74b1b001e5
quagga-debuginfo-0.98.6-7.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0050
    MD5: 1dda68c6bd0a0b25cf06f674900b99d2
SHA-256: 27d295b8daba80b8e8880a0294534cac3cc8fae06aec281508d7bd04517796c7
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

654603 - CVE-2010-1674 quagga: DoS (crash) by processing malformed extended community attribute in a route
738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA
738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers
738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type
738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type
738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes
802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet
802829 - CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/