Описание
ELSA-2020-4619: frr security and bug fix update (MODERATE)
[7.0-10]
- Resolves: #1867793 - FRR does not conform to the source port range specified in RFC5881
[7.0-9]
- Resolves: #1852476 - default permission issue eases information leaks
[7.0-8]
- Resolves: #1819319 - frr fails to start start if the initscripts package is missing
[7.0-7]
- Resolves: #1758544 - IGMPv3 queries may lead to DoS
[7.0-6]
- Resolves: #1776342 - frr has missing dependency on iproute
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
frr
7.0-10.el8
frr-contrib
7.0-10.el8
Oracle Linux x86_64
frr
7.0-10.el8
frr-contrib
7.0-10.el8
Связанные CVE
Связанные уязвимости
An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file
An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file
An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file
An issue was discovered in FRRouting FRR (aka Free Range Routing) thro ...
** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file.