ALAS-2014-279

Amazon Linux 1 (EOL) Security Advisory: ALAS-2014-279
Advisory Released Date: 2014-01-14
Advisory Updated Date: 2014-09-16

Severity: Medium

References: CVE-2013-6051
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.

Affected Packages:

quagga

Issue Correction:
Run yum update quagga to update your system.

New Packages:

i686:
    quagga-devel-0.99.21-6.12.amzn1.i686
    quagga-contrib-0.99.21-6.12.amzn1.i686
    quagga-0.99.21-6.12.amzn1.i686
    quagga-debuginfo-0.99.21-6.12.amzn1.i686

src:
    quagga-0.99.21-6.12.amzn1.src

x86_64:
    quagga-contrib-0.99.21-6.12.amzn1.x86_64
    quagga-0.99.21-6.12.amzn1.x86_64
    quagga-debuginfo-0.99.21-6.12.amzn1.x86_64
    quagga-devel-0.99.21-6.12.amzn1.x86_64

Additional References

Red Hat: CVE-2013-6051

Mitre: CVE-2013-6051