Red Hat Security Advisory 2017-0794-01 - The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP-based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon, resulting in denial of service.
382a7eb4860c0cafcd06124913757757571d5dd5111b8d10cb82337462076114
Gentoo Linux Security Advisory 201610-3 - A buffer overflow in Quagga might allow remote attackers to execute arbitrary code. Versions less than 1.0.20160315 are affected.
42e42d41c013e5a025c505dd15304b92240815879c19976a220905225322df10
Debian Linux Security Advisory 3532-1 - Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a denial of service (daemon crash) or, potentially, execution of arbitrary code, if bgpd is configured with BGP peers enabled for VPNv4.
cef9d895c39bbbb7661a16e382b449ce003efe7088ec7a48f82bdd410511a3ac
Ubuntu Security Notice 2941-1 - Kostya Kortchinsky discovered that Quagga incorrectly handled certain route data when configured with BGP peers enabled for VPNv4. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Quagga incorrectly handled messages with a large LSA when used in certain configurations. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.
dec0b6f9f3b35d3f8a8eb68d683beaa94258a1981f7ede3d89ddbda7fc3e091b