SUSE-SU-2022:0901-1

Published: 18 Mar 2022
Source: suse-cvrf

Description

Security update for frr

This update for frr fixes the following issues:

  • CVE-2022-26125, CVE-2022-26126: Fixed buffer overflows in unpack_tlv_router_cap() (bsc#1196505, bsc#1196506).
  • CVE-2022-26127: Fixed heap buffer overflow in babel_packet_examin() (bsc#1196503).
  • CVE-2022-26128: Fixed buffer overflows in babel_packet_examin() (bsc#1196507).
  • CVE-2022-26129: Fixed buffer overflows in parse_hello_subtlv(), parse_ihu_subtlv() and parse_update_subtlv() (bsc#1196504).

Package list

SUSE Linux Enterprise Module for Server Applications 15 SP3
frr-7.4-150300.4.3.1
frr-devel-7.4-150300.4.3.1
libfrr0-7.4-150300.4.3.1
libfrr_pb0-7.4-150300.4.3.1
libfrrcares0-7.4-150300.4.3.1
libfrrfpm_pb0-7.4-150300.4.3.1
libfrrgrpc_pb0-7.4-150300.4.3.1
libfrrospfapiclient0-7.4-150300.4.3.1
libfrrsnmp0-7.4-150300.4.3.1
libfrrzmq0-7.4-150300.4.3.1
libmlag_pb0-7.4-150300.4.3.1

Description

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.


Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-7.4-150300.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-devel-7.4-150300.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr0-7.4-150300.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr_pb0-7.4-150300.4.3.1


Description

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.


Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-7.4-150300.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-devel-7.4-150300.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr0-7.4-150300.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr_pb0-7.4-150300.4.3.1


Description

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c.


Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-7.4-150300.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-devel-7.4-150300.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr0-7.4-150300.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr_pb0-7.4-150300.4.3.1


Description

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c.


Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-7.4-150300.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-devel-7.4-150300.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr0-7.4-150300.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr_pb0-7.4-150300.4.3.1


Description

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c.


Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-7.4-150300.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-devel-7.4-150300.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr0-7.4-150300.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr_pb0-7.4-150300.4.3.1
