GNU Zebra / Quagga Remote Denial of Service Vulnerability

GNU Zebra / Quagga Remote Denial of Service Vulnerability

Solution:
OpenPKG has released advisory (OpenPKG-SA-2003.049) to address this issue. Users are advised to apply relative patches as soon as possible. Further information, including patch information, can be found in the attached advisory. Fixes are linked below.

Red Hat has released advisory RHSA-2003:305-12 to address this issue in their Linux Enterprise software. Relevant patches are available through the Red Hat Network. See the referenced advisory for additional details.

Red Hat has released advisory RHSA-2003:307-01 to address this issue in their Linux Enterprise software. Users are advised to upgrade as soon as possible. Further information, including patch information, can be found in the attached advisory.

Quagga has released version 0.96.4 which addresses this issue. Users are advised to upgrade as soon as possible.

Conectiva has released an advisory that includes updates for this issue. Conectiva also released an advisory for Conectiva Linux Enterprise Edition with fixes.

SGI has released an advisory (20031101-01-U) pertaining to their ProPack Linux distribution. The advisory has been released in response to a number of RHSA advisories, and includes a patch (Patch 10032) containing updated RPM packages relating to a number of different BIDS. These RPMs address both the Zebra and Iproute packages detailed in this BID.

Patch 10032 can be obtained via the following link:
http://support.sgi.com/

For information regarding how to obtain individual RPM packages included in Patch 10032, please see the attached advisory.

Sun has released a fix for Sun Linux 5.0.7.

Debian has issued fixes for this vulnerability.

Fixes:

GNU Zebra 0.91 a