Amazon Linux 1 (EOL) Security Advisory: ALAS-2012-90
Advisory Released Date: 2012-06-19
Advisory Updated Date: 2014-09-14
Severity:
Low
Issue Overview:
The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.
Affected Packages:
quagga
Issue Correction:
Run yum update quagga to update your system.
New Packages:
i686:
quagga-devel-0.99.20.1-1.5.amzn1.i686
quagga-debuginfo-0.99.20.1-1.5.amzn1.i686
quagga-0.99.20.1-1.5.amzn1.i686
quagga-contrib-0.99.20.1-1.5.amzn1.i686
src:
quagga-0.99.20.1-1.5.amzn1.src
x86_64:
quagga-0.99.20.1-1.5.amzn1.x86_64
quagga-debuginfo-0.99.20.1-1.5.amzn1.x86_64
quagga-devel-0.99.20.1-1.5.amzn1.x86_64
quagga-contrib-0.99.20.1-1.5.amzn1.x86_64