Debian Security Advisory
DLA-662-1 quagga -- LTS security update
- Date Reported:
- 18 Oct 2016
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 841162.
In Mitre's CVE dictionary: CVE-2016-1245.
- More information:
It was discovered that there was stack overrun in IPv6 RA receive code in quagga, a BGP/OSPF/RIP routing daemon.
The buffer size specified when receiving mixed up two constants that have different values.
For Debian 7
Wheezy, this issue has been fixed in quagga version 0.99.22.4-1+wheezy3+deb7u1.
We recommend that you upgrade your quagga packages.