Launchpad.net

CVE 2012-0249

Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header.

Related bugs and status

CVE-2012-0249 (Candidate) is related to these bugs:

Bug #994169: quagga security update tracking bug

		In	Importance	Status
994169	quagga security update tracking bug	quagga (Ubuntu)	Medium	Fix Released
994169	quagga security update tracking bug	quagga (Ubuntu Lucid)	Medium	Fix Released
994169	quagga security update tracking bug	quagga (Ubuntu Natty)	Medium	Fix Released
994169	quagga security update tracking bug	quagga (Ubuntu Oneiric)	Medium	Fix Released
994169	quagga security update tracking bug	quagga (Ubuntu Quantal)	Medium	Fix Released
994169	quagga security update tracking bug	quagga (Ubuntu Precise)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.quagg...
CERT-VN: VU#551715
FEDORA: FEDORA-2012-5352
FEDORA: FEDORA-2012-5411
FEDORA: FEDORA-2012-5436
REDHAT: RHSA-2012:1258
REDHAT: RHSA-2012:1259
SECUNIA: 48949
DEBIAN: DSA-2459