Security Advisory Moderate: quagga security update

Advisory: RHSA-2012:1259-1
Type: Security Advisory
Severity: Moderate
Issued on: 2012-09-12
Last updated on: 2012-09-12
Affected Products: Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.3.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-3323
CVE-2011-3324
CVE-2011-3325
CVE-2011-3326
CVE-2011-3327
CVE-2012-0249
CVE-2012-0250
CVE-2012-0255
CVE-2012-1820

Details

Updated quagga packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Quagga is a TCP/IP-based routing software suite. The Quagga bgpd daemon
implements the BGP (Border Gateway Protocol) routing protocol. The Quagga
ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First)
routing protocol.

A heap-based buffer overflow flaw was found in the way the bgpd daemon
processed malformed Extended Communities path attributes. An attacker could
send a specially-crafted BGP message, causing bgpd on a target system to
crash or, possibly, execute arbitrary code with the privileges of the user
running bgpd. The UPDATE message would have to arrive from an explicitly
configured BGP peer, but could have originated elsewhere in the BGP
network. (CVE-2011-3327)

A stack-based buffer overflow flaw was found in the way the ospf6d daemon
processed malformed Link State Update packets. An OSPF router could use
this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)

A flaw was found in the way the ospf6d daemon processed malformed link
state advertisements. An OSPF neighbor could use this flaw to crash
ospf6d on a target system. (CVE-2011-3324)

A flaw was found in the way the ospfd daemon processed malformed Hello
packets. An OSPF neighbor could use this flaw to crash ospfd on a
target system. (CVE-2011-3325)

A flaw was found in the way the ospfd daemon processed malformed link state
advertisements. An OSPF router in the autonomous system could use this flaw
to crash ospfd on a target system. (CVE-2011-3326)

An assertion failure was found in the way the ospfd daemon processed
certain Link State Update packets. An OSPF router could use this flaw to
cause ospfd on an adjacent router to abort. (CVE-2012-0249)

A buffer overflow flaw was found in the way the ospfd daemon processed
certain Link State Update packets. An OSPF router could use this flaw to
crash ospfd on an adjacent router. (CVE-2012-0250)

Two flaws were found in the way the bgpd daemon processed certain BGP OPEN
messages. A configured BGP peer could cause bgpd on a target system to
abort via a specially-crafted BGP OPEN message. (CVE-2012-0255,
CVE-2012-1820)

Red Hat would like to thank CERT-FI for reporting CVE-2011-3327,
CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the
CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and
CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka
Taimisto of the Codenomicon CROSS project as the original reporters of
CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and
CVE-2011-3326. The CERT/CC acknowledges Martin Winter at
OpenSourceRouting.org as the original reporter of CVE-2012-0249,
CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original
reporter of CVE-2012-1820.

Users of quagga should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the bgpd, ospfd, and ospf6d daemons will be restarted
automatically.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
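A way to check whether an installed quagga package still predates the fixed build this advisory names, as an added example that is not Red Hat's code: it re-implements librpm's rpmvercmp ordering in Python and compares an EVR string of the form printed by `rpm -q --qf '%{VERSION}-%{RELEASE}\n' quagga` (an explicit `epoch:` prefix is accepted) against 0.99.15-7.el6_3.2. It assumes RHEL 6 version strings never use the `^` separator, which is not handled.

```python
import re
FIXED_EVR = "0.99.15-7.el6_3.2"  # fixed quagga build named in this advisory

def rpmvercmp(a: str, b: str) -> int:
    """Segment ordering as in librpm's rpmvercmp ('~' handled, '^' not)."""
    i = j = 0
    while True:
        # Skip separators: anything that is neither alphanumeric nor '~'.
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        # '~' sorts before everything else, even the end of the string.
        ta, tb = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if ta != tb:
            return -1 if ta else 1
        if ta:
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # Take a run of digits or a run of letters from each string.
        isnum = a[i].isdigit()
        pat = r"\d+" if isnum else r"[A-Za-z]+"
        ma, mb = re.match(pat, a[i:]), re.match(pat, b[j:])
        if mb is None:  # mixed types: a numeric segment is newer than alpha
            return 1 if isnum else -1
        sa, sb = ma.group(0), mb.group(0)
        i, j = i + len(sa), j + len(sb)
        if isnum:  # compare numerically, ignoring leading zeros
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    # Whichever string still has segments left is the newer one.
    return (i < len(a)) - (j < len(b))

def parse_evr(evr: str):
    """Split '[epoch:]version-release'; a missing epoch counts as 0."""
    epoch, sep, rest = evr.partition(":")
    version, _, release = (rest if sep else evr).rpartition("-")
    return (epoch if sep else "0", version, release)

def is_vulnerable(installed_evr: str) -> bool:
    """True when the installed quagga EVR predates the fixed build."""
    for x, y in zip(parse_evr(installed_evr), parse_evr(FIXED_EVR)):
        c = rpmvercmp(x, y)
        if c:
            return c < 0
    return False
```

A result of True means the host still needs this erratum; an EVR from a later erratum correctly reports False.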

Updated packages

Red Hat Enterprise Linux Server (v. 6)

Red Hat Enterprise Linux Server EUS (v. 6.3.z)

Red Hat Enterprise Linux Workstation (v. 6)

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA
738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers
738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type
738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type
738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes
802781 - CVE-2012-0255 quagga (bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN message
802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due to improper length check for a received LS-Update OSPF packet
802829 - CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due to improper length check of the Network-LSA structures
817580 - CVE-2012-1820 quagga (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV (VU#962587)

References

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/