Jukka Taimisto

Name of the Vulnerable Software and Affected Versions: Apache Xerces C++ versions 2.7.0 through 2.8.0 Description: A stack consumption issue allows context-dependent attackers to cause a denial of service, resulting in an application crash. This can be achieved through vectors involving nested parentheses and invalid byte values in simply nested DTD structures. Recommendations: For Apache Xerces C++ versions 2.7.0 through 2.8.0, consider updating to a newer version to mitigate the risk of a denial of service attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: NetBSD version 4.0 FreeBSD (affected versions not specified) KAME (affected versions not specified) Description: The issue is related to a denial of service caused by a divide-by-zero error and panic. This occurs when a malformed ICMPv6 Multicast Listener Discovery (MLD) query with a certain Maximum Response Delay value is sent to the system. The `mld input` function in the kernel is the vulnerable component. Recommendations: For NetBSD version 4.0, update the kernel to a version that fixes the `mld input` function issue. For FreeBSD, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For KAME, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Quagga versions prior to 0.99.19 Quagga version 0.99.15 **Description** The issue allows remote attackers to cause a denial of service via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message. This is due to the `ospf6 lsa is changed` function in `ospf6 lsa.c` in the OSPFv3 implementation in `ospf6d`. The vulnerability can lead to disruption of confidentiality, integrity, and availability of protected information. **Recommendations** For Quagga versions prior to 0.99.19, update to version 0.99.19 or later to resolve the issue. For Quagga version 0.99.15, update to version 0.99.19 or later to resolve the issue. As a temporary workaround, consider disabling the `ospf6 lsa is changed` function until a patch is available. Restrict access to the `ospf6d` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Quagga versions prior to 0.99.19 Quagga versions prior to 0.99.20 **Description** The issue affects the Quagga package in various Linux operating systems, including Red Hat Enterprise Linux, CentOS, SUSE Linux Enterprise, and openSUSE. It allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message. The `ospf flood` function in `ospf flood.c` in `ospfd` is vulnerable. This can lead to disruption of confidentiality, integrity, and availability of protected information. **Recommendations** For Quagga versions prior to 0.99.19, update to version 0.99.19 or later. For Quagga versions prior to 0.99.20, update to version 0.99.20 or later. As a temporary workaround, consider disabling the `ospf flood` function until a patch is available. Restrict access to the vulnerable `ospfd` module to minimize the risk of exploitation. Avoid using the `ospf flood` function in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Quagga versions prior to 0.99.19 Quagga-devel versions prior to 0.99.19 Quagga-contrib versions prior to 0.99.19 Quagga-debuginfo versions prior to 0.99.19 **Description** The issue is related to multiple vulnerabilities in the Quagga package, which can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely. A heap-based buffer overflow in the `ecommunity ecom2str` function in `bgp ecommunity.c` in `bgpd` in Quagga before version 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4. **Recommendations** For Quagga versions prior to 0.99.19, update to version 0.99.19 or later. For Quagga-devel versions prior to 0.99.19, update to version 0.99.19 or later. For Quagga-contrib versions prior to 0.99.19, update to version 0.99.19 or later. For Quagga-debuginfo versions prior to 0.99.19, update to version 0.99.19 or later. As a temporary workaround, consider restricting access to the `bgpd` service until a patch is available. Avoid using the `ecommunity ecom2str` function in the affected `bgp ecommunity.c` file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Quagga versions prior to 0.99.19 Quagga versions 0.99.15 and earlier **Description** The issue affects the Quagga package, allowing remote attackers to cause a denial of service via a Link State Update message with an invalid IPv6 prefix length. This can lead to disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely. **Recommendations** For Quagga versions prior to 0.99.19, update to version 0.99.19 or later to resolve the issue. For Quagga versions 0.99.15 and earlier, update to a version later than 0.99.15 to mitigate the risk. As a temporary workaround, consider restricting access to the ospf6d implementation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** linux-image-2.6.26-2-vserver-686-bigmem linux-headers-2.6.26-2-all-mips linux-headers-2.6.26-2-ixp4xx linux-image-2.6.26-2-vserver-sparc64 linux-headers-2.6.26-2-s390 linux-headers-2.6.26-2-all-s390 linux-headers-2.6.26-2-686-bigmem linux-image-2.6.26-2-parisc linux-image-2.6.26-2-sparc64 linux-headers-2.6.26-2-vserver-powerpc linux-headers-2.6.26-2-mckinley linux-image-2.6.26-2-r4k-ip22 linux-headers-2.6.26-2-xen-686 linux-image-2.6.26-2-parisc64-smp linux-doc-2.6.26 linux-headers-2.6.26-2-r4k-ip22 linux-headers-2.6.26-2-iop32x linux-headers-2.6.26-2-r5k-ip32 linux-image-2.6.26-2-s390-tape linux-image-2.6.26-2-alpha-generic linux-headers-2.6.26-2-vserver-amd64 linux-image-2.6.26-2-vserver-s390x linux-headers-2.6.26-2-all-sparc linux-headers-2.6.26-2-vserver-686-bigmem linux-headers-2.6.26-2-5kc-malta linux-headers-2.6.26-2-sparc64 linux-tree-2.6.26 linux-image-2.6.26-2-amd64 linux-modules-2.6.26-2-xen-686 linux-image-2.6.26-2-vserver-686 linux-image-2.6.26-2-5kc-malta linux-image-2.6.26-2-4kc-malta linux-image-2.6.26-2-alpha-smp linux-headers-2.6.26-2-4kc-malta linux-headers-2.6.26-2-r5k-cobalt linux-headers-2.6.26-2-all-i386 linux-image-2.6.26-2-iop32x linux-headers-2.6.26-2-vserver-s390x linux-headers-2.6.26-2-all-mipsel linux-image-2.6.26-2-openvz-amd64 linux-headers-2.6.26-2-all-arm linux-headers-2.6.26-2-all-alpha linux-headers-2.6.26-2-vserver-686 linux-image-2.6.26-2-vserver-itanium linux-headers-2.6.26-2-common-xen linux-headers-2.6.26-2-all-hppa linux-image-2.6.26-2-footbridge linux-image-2.6.26-2-xen-amd64 linux-modules-2.6.26-2-xen-amd64 linux-headers-2.6.26-2-amd64 linux-image-2.6.26-2-mckinley linux-image-2.6.26-2-versatile linux-headers-2.6.26-2-all-amd64 linux-image-2.6.26-2-itanium linux-headers-2.6.26-2-sparc64-smp linux-image-2.6.26-2-powerpc64 linux-manual-2.6.26 linux-headers-2.6.26-2-xen-amd64 linux-image-2.6.26-2-powerpc-smp linux-image-2.6.26-2-sparc64-smp linux-headers-2.6.26-2-vserver-powerpc64 linux-image-2.6.26-2-r5k-ip32 linux-image-2.6.26-2-s390x linux-image-2.6.26-2-r5k-cobalt linux-headers-2.6.26-2-powerpc-smp linux-headers-2.6.26-2-orion5x linux-headers-2.6.26-2-openvz-amd64 linux-image-2.6.26-2-vserver-powerpc linux-headers-2.6.26-2-686 linux-image-2.6.26-2-686-bigmem linux-image-2.6.26-2-orion5x linux-headers-2.6.26-2-all-powerpc linux-image-2.6.26-2-vserver-powerpc64 linux-patch-debian-2.6.26 linux-image-2.6.26-2-ixp4xx linux-image-2.6.26-2-parisc-smp linux-headers-2.6.26-2-486 linux-image-2.6.26-2-parisc64 linux-headers-2.6.26-2-vserver-sparc64 linux-image-2.6.26-2-powerpc linux-headers-2.6.26-2-all linux-source-2.6.26 linux-headers-2.6.26-2-parisc64-smp linux-image-2.6.26-2-xen-686 linux-image-2.6.26-2-686 linux-headers-2.6.26-2-alpha-legacy linux-headers-2.6.26-2-vserver-itanium linux-headers-2.6.26-2-sb1-bcm91250a linux-headers-2.6.26-2-alpha-smp linux-image-2.6.26-2-sb1a-bcm91480b linux-headers-2.6.26-2-parisc-smp linux-headers-2.6.26-2-all-ia64 linux-image-2.6.26-2-openvz-686 linux-headers-2.6.26-2-footbridge linux-support-2.6.26-2 linux-headers-2.6.26-2-powerpc linux-image-2.6.26-2-alpha-legacy linux-headers-2.6.26-2-s390x linux-headers-2.6.26-2-all-armel linux-headers-2.6.26-2-parisc64 linux-headers-2.6.26-2-sb1a-bcm91480b linux-headers-2.6.26-2-vserver-mckinley linux-libc-dev linux-headers-2.6.26-2-common-vserver linux-image-2.6.26-2-vserver-mckinley linux-headers-2.6.26-2-common-openvz linux-headers-2.6.26-2-common linux-image-2.6.26-2-sb1-bcm91250a linux-image-2.6.26-2-s390 **Description** The issue is related to multiple vulnerabilities in the Linux kernel, specifically in the Debian GNU/Linux operating system. These vulnerabilities can be exploited remotely, leading to a denial of service and potentially disrupting the availability of protected information. The `sctp process unk param` function in `net/sctp/sm make chunk.c` is vulnerable when SCTP is enabled, allowing remote attackers to cause a system crash via an SCTPChunkInit packet containing multiple invalid parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.