=====================================================================
                                    CERT-Renater

                         Information Note No. 2011/VULN283
_____________________________________________________________________

DATE                      : 01/04/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Quagga versions prior to 0.99.18.

======================================================================
http://www.quagga.net/news2.php?y=2011&m=3&d=21#id1300723200
______________________________________________________________________

     * 2011-03-21: Quagga 0.99.18 Released

       Quagga 0.99.18 has been released, and is available in the usual place.

       This release fixes 2 denial of service issues in bgpd, which can be
       remotely triggered by malformed AS-Pathlimit or Extended-Community
       attributes. These issues have been assigned CVE-2010-1674 and
       CVE-2010-1675. Support for AS-Pathlimit has been removed with this
       release.

       The release includes a number of bug-fixes and enhancements, primarily for ospfd, ospf6d and bgpd.
       A short summary of commits is shown below; for more details, please look into the full changelog.

       bgpd:
           Remove AS Path limit/TTL functionality
           bgpd/security: CVE-2010-1674 Fix crash due to extended-community parser error
           use Jenkins hash for BGP transit, cluster and attr hashes
           Remove extra lock on interior table node
           Fix display of unsigned attributes
           fix use of free memory by update_rsclient
           unlock node on aggregate error
           fix errors in aggregate address command
           use XCALLOC to allocate bgpd damp array
           fix bgp_node locking issues
           improve "monotonic" uptime correction
           VTY string fixes for debug commands
           fix handling of "Unsupported Capability"
           Set from even if binfo->extra is NULL.
           Simplify process queue init
           fix community-list error message spelling
           fix printed value of last-update timestamp

       ospf6d:
           Extend the "[no] debug ospf6 route" vty commands
           Route locking (memory) cleanup
           Have ospf6d cleanup when it terminates normally
           Remove obsolete code
           Fix memory allocation issues in SPF
           fix crash in SPF calculation

       ripd:
           resolve debug statements issue (bug 442)

       ripngd:
           copy debug statements fix from ripd

       ospfd:
           Remove oi field from LSA, have network_lsa_refresh look up when needed
           potential fix for router-id change assert on refresh cleanup patch
           Fix maxage/flush to not try flood twice, remember maxages for longer
           Unify router and network LSA refresh logic with general refresher
           Remember network LSA sequence numbers across up/downs of an interface
           Prioritise hellos for sending by queueing to head of output buffer
           Reset neighbour inactivity timer for any packet arrival
           the maxage_lsa_remover should check whether it needs to yield the cpu
           Fix various route_unlock discrepancies
           fix lsa_refresh_walker unlock before use bug
           interface code should leave network_lsa_self alone
           OSPF_MIN_LS_ARRIVAL compare should be >= to match ospf_flood
           ospf_if_free can leave dangling references on ISM events - cancel them
           Lower level of some common messages from info to debug

       lib:
           zclient: fix router-id calculation for IPv6 (#595)
           lib: zlog should clean up its memory
           lib: Add a function to delete all interfaces
           lib: Better hashing of string values using Bernstein hash
           lib: Fix accounting of memory
           lib: Fix bug in prefix trie lookup
           lib: prefix.c nano-optimisation
           lib: Make workqueue more conservative about ramping up
           lib: Add a command to clear the thread CPU history data
           lib: Thread scheduler should be fair and not let events starve I/O and timers
           lib: thread history funcname shouldn't be constant, it's freed
           bgpd, lib: adopt afi_t and safi_t in several places
           lib/vty.c: add missing format string when printing out motd message
           Document rules for zalloc and friends.

       zebra:
           Zebra zserv: bogus conditional


======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================

