Multiple vulnerabilities has been identified and fixed in quagga:

The extended-community parser in bgpd in Quagga before 0.99.18 allows
remote attackers to cause a denial of service (NULL pointer dereference
and application crash) via a malformed Extended Communities attribute
(CVE-2010-1674).

bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial
of service (session reset) via a malformed AS_PATHLIMIT path attribute
(CVE-2010-1675).

Updated packages are available that bring Quagga to version 0.99.18
which provides numerous bugfixes over the previous 0.99.17 version,
and also corrects these issues.