Description
Security update for frr
This update for frr fixes the following issues:
- CVE-2022-37032: Fixed out-of-bounds read in the BGP daemon that may lead to information disclosure or denial of service (bsc#1202023).
- CVE-2019-25074: Fixed a memory leak in the IS-IS daemon that may lead to server memory exhaustion (bsc#1202022).
Package list
SUSE Linux Enterprise Module for Server Applications 15 SP3
frr-7.4-150300.4.7.1
frr-devel-7.4-150300.4.7.1
libfrr0-7.4-150300.4.7.1
libfrr_pb0-7.4-150300.4.7.1
libfrrcares0-7.4-150300.4.7.1
libfrrfpm_pb0-7.4-150300.4.7.1
libfrrgrpc_pb0-7.4-150300.4.7.1
libfrrospfapiclient0-7.4-150300.4.7.1
libfrrsnmp0-7.4-150300.4.7.1
libfrrzmq0-7.4-150300.4.7.1
libmlag_pb0-7.4-150300.4.7.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
frr-7.4-150300.4.7.1
frr-devel-7.4-150300.4.7.1
libfrr0-7.4-150300.4.7.1
libfrr_pb0-7.4-150300.4.7.1
libfrrcares0-7.4-150300.4.7.1
libfrrfpm_pb0-7.4-150300.4.7.1
libfrrgrpc_pb0-7.4-150300.4.7.1
libfrrospfapiclient0-7.4-150300.4.7.1
libfrrsnmp0-7.4-150300.4.7.1
libfrrzmq0-7.4-150300.4.7.1
libmlag_pb0-7.4-150300.4.7.1
openSUSE Leap 15.3
frr-7.4-150300.4.7.1
frr-devel-7.4-150300.4.7.1
libfrr0-7.4-150300.4.7.1
libfrr_pb0-7.4-150300.4.7.1
libfrrcares0-7.4-150300.4.7.1
libfrrfpm_pb0-7.4-150300.4.7.1
libfrrgrpc_pb0-7.4-150300.4.7.1
libfrrospfapiclient0-7.4-150300.4.7.1
libfrrsnmp0-7.4-150300.4.7.1
libfrrzmq0-7.4-150300.4.7.1
libmlag_pb0-7.4-150300.4.7.1
openSUSE Leap 15.4
frr-7.4-150300.4.7.1
frr-devel-7.4-150300.4.7.1
libfrr0-7.4-150300.4.7.1
libfrr_pb0-7.4-150300.4.7.1
libfrrcares0-7.4-150300.4.7.1
libfrrfpm_pb0-7.4-150300.4.7.1
libfrrgrpc_pb0-7.4-150300.4.7.1
libfrrospfapiclient0-7.4-150300.4.7.1
libfrrsnmp0-7.4-150300.4.7.1
libfrrzmq0-7.4-150300.4.7.1
libmlag_pb0-7.4-150300.4.7.1
References
- Link for SUSE-SU-2022:3246-1
- E-Mail link for SUSE-SU-2022:3246-1
- SUSE Security Ratings
- SUSE Bug 1202022
- SUSE Bug 1202023
- SUSE CVE CVE-2019-25074 page
- SUSE CVE CVE-2022-37032 page
Description
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-7.4-150300.4.7.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-devel-7.4-150300.4.7.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr0-7.4-150300.4.7.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr_pb0-7.4-150300.4.7.1
References
- CVE-2019-25074
- SUSE Bug 1202022
Description
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.
Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-7.4-150300.4.7.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-devel-7.4-150300.4.7.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr0-7.4-150300.4.7.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr_pb0-7.4-150300.4.7.1
References
- CVE-2022-37032
- SUSE Bug 1202023