OpenSuSE has issued an advisory on March 23:
https://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html

Patched packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated quagga packages fix security vulnerability:

A vulnerability was found in the way the VPNv4 NLRI parser copied packet data to the stack. Memcpy to stack data structure based on length field from packet data whose length field upper-bound was not properly checked (CVE-2016-2342).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2342
https://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html
========================

Updated packages in core/updates_testing:
========================
quagga-0.99.22.4-4.1.mga5
quagga-contrib-0.99.22.4-4.1.mga5
libquagga0-0.99.22.4-4.1.mga5
libquagga-devel-0.99.22.4-4.1.mga5

from quagga-0.99.22.4-4.1.mga5.src.rpm
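The class of check the advisory describes, as an added illustration in C (not Quagga's code and not part of the original report): a length-prefixed VPNv4 NLRI parser that bounds the wire length octet before copying into a fixed-size stack structure. The struct layout, function names and sample bytes are assumptions constructed for this example; the 88-bit label-plus-route-distinguisher header follows RFC 4364.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_BITS 88u   /* 24-bit label + 64-bit route distinguisher (RFC 4364) */
#define V4_BITS  32u   /* longest possible IPv4 prefix */

struct vpnv4_prefix {  /* hypothetical fixed-size destination, lives on the stack */
    uint8_t label[3], rd[8], addr[4], addr_bits;
};

/* Parse one entry from buf[0..len). Returns bytes consumed, or -1 if malformed. */
int parse_vpnv4_entry(const uint8_t *buf, size_t len, struct vpnv4_prefix *out)
{
    if (len < 1) return -1;
    unsigned bits = buf[0];            /* length octet from the wire: 0..255 */
    size_t psize = (bits + 7u) / 8u;   /* bytes that follow the length octet */

    if (psize > len - 1) return -1;    /* entry runs past the received data */
    /* Upper (and lower) bound against the destination. Without this, a length
     * of 255 bits would turn the addr copy into 21 bytes for a 4-byte field. */
    if (bits < HDR_BITS || bits > HDR_BITS + V4_BITS) return -1;
    memset(out, 0, sizeof *out);
    memcpy(out->label, buf + 1, 3);
    memcpy(out->rd, buf + 4, 8);
    memcpy(out->addr, buf + 12, psize - 11);  /* at most 4 bytes, by the check */
    out->addr_bits = (uint8_t)(bits - HDR_BITS);
    return (int)(1 + psize);
}

/* Walk a whole NLRI field; returns number of prefixes, or -1 on any bad entry. */
int count_vpnv4_prefixes(const uint8_t *buf, size_t len)
{
    int n = 0;
    while (len > 0) {
        struct vpnv4_prefix p;
        int used = parse_vpnv4_entry(buf, len, &p);
        if (used < 0) return -1;       /* reject the field, do not resync */
        buf += used; len -= (size_t)used; n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: 112 bits = label + RD + 10.1.2.0/24 */
    const uint8_t ok[] = {112, 0,0,1, 0,0,0,100,0,0,0,1, 10,1,2};
    return count_vpnv4_prefixes(ok, sizeof ok) == 1 ? 0 : 1;
}
```

Two separate checks are needed: the first keeps the read inside the received data, the second keeps the write inside the destination structure.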
Procedure: https://bugs.mageia.org/show_bug.cgi?id=6512#c1
Whiteboard: (none) => has_procedure
x86_64 test under Mate. Went straight for the updates after installing the pre-update packages and followed the recommended procedure in comment #1. It all ran smoothly with the exception of babeld. Stopped services after watchquagga started and restarted them, sometimes after editing a config file. Unless the babel thing is a problem this looks good for 64-bits. Some more detailed notes attached.
CC: (none) => tarazed25
Whiteboard: has_procedure => has_procedure MGA5-64-OK
Created attachment 7592: Work log for quagga testing
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-64-OK => has_procedure MGA5-64-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0126.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED