Description
Moderate: frr security update
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
Security Fix(es):
- frr: missing length check in bgp_attr_psid_sub() can lead to DoS (CVE-2023-31490)
- frr: processes invalid NLRIs if attribute length is zero (CVE-2023-41358)
- frr: NULL pointer dereference in bgp_nlri_parse_flowspec() in bgpd/bgp_flowspec.c (CVE-2023-41909)
- frr: mishandled malformed data leading to a crash (CVE-2023-46752)
- frr: crafted BGP UPDATE message leading to a crash (CVE-2023-46753)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Affected products
Rocky Linux 8
References
Fixes
- Red Hat - 2235839
- Red Hat - 2237416
- Red Hat - 2238992
- Red Hat - 2246379
- Red Hat - 2246381
Related vulnerabilities
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.