Gentoo Linux Security Advisory 201804-17 - Multiple vulnerabilities have been found in Quagga, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 1.2.4 are affected.
72292a91d7da047d668d7e46aa4d5c3b992a794a95642bc8bbdec6ac229f3295
Red Hat Security Advisory 2018-0377-01 - The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: quagga: Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code.
19564a870796b03c596086a31ca552ed1bfc8619aebaf0f87d69796c1a536874
Debian Linux Security Advisory 4115-1 - Several vulnerabilities have been discovered in Quagga, a routing daemon.
42318d99958702d880d1ff84517239a4ac6765bfd5cbf9f862c27479cfdaacca
Ubuntu Security Notice 3573-1 - It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Quagga BGP daemon did not properly bounds check the data sent with a NOTIFY to a peer. An attacker could use this to expose sensitive information or possibly cause a denial of service. This issue only affected Ubuntu 17.10. Various other issues were also addressed.
e25145ec1ce999392dc95a2f6855a83162bf02bf998bdf9f82eae3b3c59d60e2