Lucene search

K
mageiaGentoo FoundationMGASA-2013-0310
HistoryOct 17, 2013 - 11:40 p.m.

Updated quagga packages fix CVE-2013-2236

2013-10-1723:40:12
Gentoo Foundation
advisories.mageia.org
8

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.053 Low

EPSS

Percentile

92.9%

Updated quagga packages fix security vulnerability: Remotely exploitable buffer overflow in ospf_api.c and ospfclient.c when processing LSA messages in quagga before 0.99.22.2 (CVE-2013-2236). Note: We have worked around this vulnerability by disabling the ospf_api and ospfclient features, which did not provide useful functionality.

OSVersionArchitecturePackageVersionFilename
Mageia2noarchquagga< 0.99.20.1-3.2quagga-0.99.20.1-3.2.mga2
Mageia3noarchquagga< 0.99.20.1-9.1quagga-0.99.20.1-9.1.mga3

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.053 Low

EPSS

Percentile

92.9%