Christian Hammers

**Name of the Vulnerable Software and Affected Versions** Quagga version 0.99.21 **Description** The issue is related to the bgp attr unknown function in bgp attr.c, which does not properly initialize the total variable. This allows remote attackers to cause a denial of service by crashing bgpd via a crafted BGP update. **Recommendations** For Quagga version 0.99.21, consider applying a patch that properly initializes the total variable in the bgp attr unknown function to prevent the denial of service.

**Name of the Vulnerable Software and Affected Versions** MySQL versions 4.1 through 4.1.20 MySQL versions 5.0 through 5.0.23 **Description** A local user can access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, potentially violating intended security policy. **Recommendations** For MySQL versions 4.1 through 4.1.20, update to version 4.1.21 or later. For MySQL versions 5.0 through 5.0.23, update to version 5.0.24 or later.