
Security Advisory Moderate: quagga security update

Advisory: RHSA-2010:0945-1
Type: Security Advisory
Severity: Moderate
Issued on: 2010-12-06
Last updated on: 2010-12-06
Affected Products: Red Hat Enterprise Linux Server (v. 6); Red Hat Enterprise Linux Server EUS (v. 6.0.z); Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2010-2948, CVE-2010-2949

Details

Updated quagga packages that fix two security issues are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon
implements the BGP (Border Gateway Protocol) routing protocol.

A stack-based buffer overflow flaw was found in the way the Quagga bgpd
daemon processed certain BGP Route Refresh (RR) messages. A configured BGP
peer could send a specially-crafted BGP message, causing bgpd on a target
system to crash or, possibly, execute arbitrary code with the privileges of
the user running bgpd. (CVE-2010-2948)

Note: On Red Hat Enterprise Linux 6 it is not possible to exploit
CVE-2010-2948 to run arbitrary code as the overflow is blocked by
FORTIFY_SOURCE.

A NULL pointer dereference flaw was found in the way the Quagga bgpd daemon
parsed the paths of autonomous systems (AS). A configured BGP peer could
crash bgpd on a target system via a specially-crafted BGP message.
(CVE-2010-2949)

Users of quagga should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the bgpd daemon must be restarted for the update to take effect.
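
One way to audit hosts for the fixed build and the required bgpd restart, as an added example that is not part of the Red Hat advisory. The inventory format, host names and timestamps are constructed, and the comparison is a simplified form of rpm's version ordering (no epoch or tilde handling), meaningful here only between el6 builds.

```python
import re

# Fixed build named in this advisory (quagga-0.99.15-5.el6_0.1).
FIXED_VERSION, FIXED_RELEASE = "0.99.15", "5.el6_0.1"
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two RPM version or release strings the way rpm orders them.
    Simplified: no epoch and no '~' or '^' handling."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def is_fixed(version, release):
    """True when version-release is at or above the advisory's fixed build."""
    c = rpmvercmp(version, FIXED_VERSION)
    return c > 0 or (c == 0 and rpmvercmp(release, FIXED_RELEASE) >= 0)

def audit(lines):
    """Map host -> 'vulnerable', 'restart-needed' or 'ok'."""
    result = {}
    for line in lines:
        host, version, release, installed, bgpd_started = line.split()
        if not is_fixed(version, release):
            result[host] = "vulnerable"
        elif int(bgpd_started) < int(installed):
            result[host] = "restart-needed"   # old bgpd code still in memory
        else:
            result[host] = "ok"
    return result

# Constructed inventory lines (not real hosts):
# host, %{VERSION}, %{RELEASE}, %{INSTALLTIME}, bgpd process start (epoch seconds).
SAMPLE = [
    "rtr-a 0.99.15 5.el6 1289000000 1289000100",
    "rtr-b 0.99.15 5.el6_0.1 1291700000 1289000100",
    "rtr-c 0.99.15 5.el6_0.1 1291700000 1291700300",
]

if __name__ == "__main__":
    for host, state in audit(SAMPLE).items():
        print(host, state)
```

The first three fields per host can be collected with `rpm -q --qf '%{VERSION} %{RELEASE} %{INSTALLTIME}\n' quagga`; the bgpd start time comes from the process table.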


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Server (v. 6)

SRPMS:
quagga-0.99.15-5.el6_0.1.src.rpm
File outdated by:  RHSA-2012:1259
 
IA-32:
quagga-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2012:1259
quagga-contrib-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2012:1259
quagga-debuginfo-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2012:1259
quagga-devel-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2012:1259
 
PPC:
quagga-0.99.15-5.el6_0.1.ppc64.rpm
File outdated by:  RHSA-2012:1259
quagga-contrib-0.99.15-5.el6_0.1.ppc64.rpm
File outdated by:  RHSA-2012:1259
quagga-debuginfo-0.99.15-5.el6_0.1.ppc.rpm
File outdated by:  RHSA-2012:1259
quagga-debuginfo-0.99.15-5.el6_0.1.ppc64.rpm
File outdated by:  RHSA-2012:1259
quagga-devel-0.99.15-5.el6_0.1.ppc.rpm
File outdated by:  RHSA-2012:1259
quagga-devel-0.99.15-5.el6_0.1.ppc64.rpm
File outdated by:  RHSA-2012:1259
 
s390x:
quagga-0.99.15-5.el6_0.1.s390x.rpm
File outdated by:  RHSA-2012:1259
quagga-contrib-0.99.15-5.el6_0.1.s390x.rpm
File outdated by:  RHSA-2012:1259
quagga-debuginfo-0.99.15-5.el6_0.1.s390.rpm
File outdated by:  RHSA-2012:1259
quagga-debuginfo-0.99.15-5.el6_0.1.s390x.rpm
File outdated by:  RHSA-2012:1259
quagga-devel-0.99.15-5.el6_0.1.s390.rpm
File outdated by:  RHSA-2012:1259
quagga-devel-0.99.15-5.el6_0.1.s390x.rpm
File outdated by:  RHSA-2012:1259
 
x86_64:
quagga-0.99.15-5.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2012:1259
quagga-contrib-0.99.15-5.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2012:1259
quagga-debuginfo-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2012:1259
quagga-debuginfo-0.99.15-5.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2012:1259
quagga-devel-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2012:1259
quagga-devel-0.99.15-5.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2012:1259
 
Red Hat Enterprise Linux Server EUS (v. 6.0.z)

SRPMS:
quagga-0.99.15-5.el6_0.1.src.rpm
File outdated by:  RHSA-2012:1259
 
IA-32:
quagga-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2011:0406
quagga-contrib-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2011:0406
quagga-debuginfo-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2011:0406
quagga-devel-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2011:0406
 
PPC:
quagga-0.99.15-5.el6_0.1.ppc64.rpm
File outdated by:  RHSA-2011:0406
quagga-contrib-0.99.15-5.el6_0.1.ppc64.rpm
File outdated by:  RHSA-2011:0406
quagga-debuginfo-0.99.15-5.el6_0.1.ppc.rpm
File outdated by:  RHSA-2011:0406
quagga-debuginfo-0.99.15-5.el6_0.1.ppc64.rpm
File outdated by:  RHSA-2011:0406
quagga-devel-0.99.15-5.el6_0.1.ppc.rpm
File outdated by:  RHSA-2011:0406
quagga-devel-0.99.15-5.el6_0.1.ppc64.rpm
File outdated by:  RHSA-2011:0406
 
s390x:
quagga-0.99.15-5.el6_0.1.s390x.rpm
File outdated by:  RHSA-2011:0406
quagga-contrib-0.99.15-5.el6_0.1.s390x.rpm
File outdated by:  RHSA-2011:0406
quagga-debuginfo-0.99.15-5.el6_0.1.s390.rpm
File outdated by:  RHSA-2011:0406
quagga-debuginfo-0.99.15-5.el6_0.1.s390x.rpm
File outdated by:  RHSA-2011:0406
quagga-devel-0.99.15-5.el6_0.1.s390.rpm
File outdated by:  RHSA-2011:0406
quagga-devel-0.99.15-5.el6_0.1.s390x.rpm
File outdated by:  RHSA-2011:0406
 
x86_64:
quagga-0.99.15-5.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2011:0406
quagga-contrib-0.99.15-5.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2011:0406
quagga-debuginfo-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2011:0406
quagga-debuginfo-0.99.15-5.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2011:0406
quagga-devel-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2011:0406
quagga-devel-0.99.15-5.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2011:0406
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
quagga-0.99.15-5.el6_0.1.src.rpm
File outdated by:  RHSA-2012:1259
 
IA-32:
quagga-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2012:1259
quagga-contrib-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2012:1259
quagga-debuginfo-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2012:1259
quagga-devel-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2012:1259
 
x86_64:
quagga-0.99.15-5.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2012:1259
quagga-contrib-0.99.15-5.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2012:1259
quagga-debuginfo-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2012:1259
quagga-debuginfo-0.99.15-5.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2012:1259
quagga-devel-0.99.15-5.el6_0.1.i686.rpm
File outdated by:  RHSA-2012:1259
quagga-devel-0.99.15-5.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2012:1259
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

626783 - CVE-2010-2948 Quagga (bgpd): Stack buffer overflow by processing certain Route-Refresh messages
626795 - CVE-2010-2949 Quagga (bgpd): DoS (crash) while processing certain BGP update AS path messages


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/