A NULL pointer dereference flaw was found in the way the Quagga bgpd daemon processed malformed route information. A configured BGP peer could crash bgpd on a target system via a BGP message with a specially-crafted value of the BGP Extended Communities attribute.
This issue affects the versions of the quagga package as shipped with Red Hat Enterprise Linux 4, 5, and 6.
This issue affects the versions of the quagga package as shipped with Fedora releases 13 and 14.
Updated upstream version, addressing this: http://www.quagga.net/news2.php?y=2011&m=3&d=21#id1300723200
Created quagga tracking bugs for this issue.
Affects: fedora-all [bug 689852]
Statement: Vulnerable. This issue affects quagga packages in Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:0406 https://rhn.redhat.com/errata/RHSA-2011-0406.html
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2012:1258 https://rhn.redhat.com/errata/RHSA-2012-1258.html