{"id":"MGASA-2016-0165","summary":"Updated quagga packages fix CVE-2016-4049","details":"Updated quagga packages fix security vulnerability:\n\nA denial of dervice vulnerability have been found in BGP daemon\nfrom Quagga routing software (bgpd): if the following conditions are\nsatisfied:\n\n - regular dumping is enabled\n - bgpd instance has many BGP peers\n\nthen BGP message packets that are big enough cause bgpd to crash.\nThe situation when the conditions above are satisfied is quite common.\nMoreover, it is easy to craft a packet which is much \"bigger\" than a\ntypical packet, and hence such crafted packet can much more likely cause\nthe crash (CVE-2016-4049).\n","modified":"2026-04-16T06:25:18.099831836Z","published":"2016-05-05T16:26:44Z","upstream":["CVE-2016-4049"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0165.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18280"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2016/04/27/7"}],"affected":[{"package":{"name":"quagga","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/quagga?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.99.22.4-4.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0165.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}