Red Hat Product Errata RHSA-2012:1258 - Security Advisory
Issued:
2012-09-12
Updated:
2012-09-12

Synopsis

Moderate: quagga security update

Type/Severity

Security Advisory: Moderate

Topic

Updated quagga packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon
implements the BGP (Border Gateway Protocol) routing protocol. The Quagga
ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First)
routing protocol.

A heap-based buffer overflow flaw was found in the way the bgpd daemon
processed malformed Extended Communities path attributes. An attacker could
send a specially-crafted BGP message, causing bgpd on a target system to
crash or, possibly, execute arbitrary code with the privileges of the user
running bgpd. The UPDATE message would have to arrive from an explicitly
configured BGP peer, but could have originated elsewhere in the BGP
network. (CVE-2011-3327)

A NULL pointer dereference flaw was found in the way the bgpd daemon
processed malformed route Extended Communities attributes. A configured
BGP peer could crash bgpd on a target system via a specially-crafted BGP
message. (CVE-2010-1674)

A stack-based buffer overflow flaw was found in the way the ospf6d daemon
processed malformed Link State Update packets. An OSPF router could use
this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)

A flaw was found in the way the ospf6d daemon processed malformed link
state advertisements. An OSPF neighbor could use this flaw to crash
ospf6d on a target system. (CVE-2011-3324)

A flaw was found in the way the ospfd daemon processed malformed Hello
packets. An OSPF neighbor could use this flaw to crash ospfd on a
target system. (CVE-2011-3325)

A flaw was found in the way the ospfd daemon processed malformed link state
advertisements. An OSPF router in the autonomous system could use this flaw
to crash ospfd on a target system. (CVE-2011-3326)

An assertion failure was found in the way the ospfd daemon processed
certain Link State Update packets. An OSPF router could use this flaw to
cause ospfd on an adjacent router to abort. (CVE-2012-0249)

A buffer overflow flaw was found in the way the ospfd daemon processed
certain Link State Update packets. An OSPF router could use this flaw to
crash ospfd on an adjacent router. (CVE-2012-0250)

Red Hat would like to thank CERT-FI for reporting CVE-2011-3327,
CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the
CERT/CC for reporting CVE-2012-0249 and CVE-2012-0250. CERT-FI acknowledges
Riku Hietamaki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS
project as the original reporters of CVE-2011-3327, CVE-2011-3323,
CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges
Martin Winter at OpenSourceRouting.org as the original reporter of
CVE-2012-0249 and CVE-2012-0250.

Users of quagga should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the bgpd, ospfd, and ospf6d daemons will be restarted
automatically.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
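
Because the fixes are backported, the upstream version stays at 0.98.6 and only the release field separates a patched build from an unpatched one. The following is an added example, not Red Hat's code: it orders RPM version and release strings segment by segment (without the newer `~` and `^` rules) and checks an installed build against the fixed build named in this advisory's package file names. The sample inputs are constructed, and a missing or `(none)` epoch is assumed to mean 0.

```python
import re

# Fixed build taken from this advisory's package file names.
# Assumption: epoch is not shown on the page; "(none)" or absent is treated as 0.
FIXED_EVR = "0.98.6-7.el5_8.1"

_SEGMENTS = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Order two version or release strings by digit/letter segments, as RPM does."""
    sa, sb = _SEGMENTS.findall(a), _SEGMENTS.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # a numeric segment beats letters
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")  # 010 == 10
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments mean newer


def parse_evr(text):
    """Split 'EPOCH:VERSION-RELEASE' into (epoch, version, release)."""
    epoch, _, rest = text.strip().rpartition(":")
    if epoch in ("", "(none)"):
        epoch = "0"
    version, _, release = rest.partition("-")
    return epoch, version, release


def is_patched(installed):
    """True if the installed EVR is at or above the fixed build."""
    for x, y in zip(parse_evr(installed), parse_evr(FIXED_EVR)):
        result = rpmvercmp(x, y)
        if result:
            return result > 0
    return True


# Constructed sample values, in the form printed by:
#   rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' quagga
SAMPLES = ["(none):0.98.6-5.el5", "(none):0.98.6-7.el5",
           "(none):0.98.6-7.el5_8.1", "0:0.98.6-7.el5_9.2"]

if __name__ == "__main__":
    for evr in SAMPLES:
        print(evr, "patched" if is_patched(evr) else "VULNERABLE")
```

A scanner that compares only the upstream version string cannot tell these builds apart, since all four samples report 0.98.6.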

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 654603 - CVE-2010-1674 quagga: DoS (crash) by processing malformed extended community attribute in a route
  • BZ - 738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA
  • BZ - 738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers
  • BZ - 738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type
  • BZ - 738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type
  • BZ - 738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes
  • BZ - 802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet
  • BZ - 802829 - CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures

CVEs

  • CVE-2010-1674
  • CVE-2011-3327
  • CVE-2011-3326
  • CVE-2011-3325
  • CVE-2011-3324
  • CVE-2011-3323
  • CVE-2012-0250
  • CVE-2012-0249

References

  • https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server 5

SRPM
quagga-0.98.6-7.el5_8.1.src.rpm SHA-256: c559133b918c14cbeea54b527bddc6a9ef771528d02f405da1677cb90ca389cd

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
