-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:254 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : quagga Date : October 18, 2013 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated quagga packages fix security vulnerability: Remotely exploitable buffer overflow in ospf_api.c and ospfclient.c when processing LSA messages in quagga before 0.99.22.2 (CVE-2013-2236). Note: We have worked around this vulnerability by disabling the ospf_api and ospfclient features, which did not provide useful functionality. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2236 http://advisories.mageia.org/MGASA-2013-0310.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 8c751a0311cd7654f4899300144e7351 mbs1/x86_64/lib64quagga0-0.99.20.1-4.2.mbs1.x86_64.rpm 08329e6630d02e97286a2f9fe8177129 mbs1/x86_64/lib64quagga-devel-0.99.20.1-4.2.mbs1.x86_64.rpm e922a4b95ff082292b0df477645004f7 mbs1/x86_64/quagga-0.99.20.1-4.2.mbs1.x86_64.rpm 05d43b0bdadb568ea8709f041abb7174 mbs1/x86_64/quagga-contrib-0.99.20.1-4.2.mbs1.x86_64.rpm 91fc66bff311ceb33412289f8b82490a mbs1/SRPMS/quagga-0.99.20.1-4.2.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFSYPHfmqjQ0CJFipgRAkwaAJ9BgB7d6huH9HAWGfg4s36vUGRa8gCdGZiK dePmJUp5/a9aqwXhOyo5CEM= =5I4o -----END PGP SIGNATURE-----