Debian LTS Advisory ([SECURITY] [DLA 1286-1] quagga security update)

Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378 It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an attribute length is invalid. A configured BGP peer can take advantage of this bug to read memory from the bgpd process or cause a denial of service (daemon crash).

quagga on Debian Linux

This check tests the installed software version using the apt package manager.

For Debian 7 'Wheezy', these problems have been fixed in version 0.99.22.4-1+wheezy3+deb7u3. We recommend that you upgrade your quagga packages.