Description
Security update for frr
This update for frr fixes the following issues:
- CVE-2022-37035: Fixed a possible use-after-free due to a race condition related to bgp_notify_send_with_data() and bgp_process_packet() (bsc#1202085).
- CVE-2022-42917: Fixed a privilege escalation from frr to root in frr config creation (bsc#1204124).
Package list
SUSE Linux Enterprise Module for Server Applications 15 SP3
frr-7.4-150300.4.10.1
frr-devel-7.4-150300.4.10.1
libfrr0-7.4-150300.4.10.1
libfrr_pb0-7.4-150300.4.10.1
libfrrcares0-7.4-150300.4.10.1
libfrrfpm_pb0-7.4-150300.4.10.1
libfrrgrpc_pb0-7.4-150300.4.10.1
libfrrospfapiclient0-7.4-150300.4.10.1
libfrrsnmp0-7.4-150300.4.10.1
libfrrzmq0-7.4-150300.4.10.1
libmlag_pb0-7.4-150300.4.10.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
frr-7.4-150300.4.10.1
frr-devel-7.4-150300.4.10.1
libfrr0-7.4-150300.4.10.1
libfrr_pb0-7.4-150300.4.10.1
libfrrcares0-7.4-150300.4.10.1
libfrrfpm_pb0-7.4-150300.4.10.1
libfrrgrpc_pb0-7.4-150300.4.10.1
libfrrospfapiclient0-7.4-150300.4.10.1
libfrrsnmp0-7.4-150300.4.10.1
libfrrzmq0-7.4-150300.4.10.1
libmlag_pb0-7.4-150300.4.10.1
openSUSE Leap 15.3
frr-7.4-150300.4.10.1
frr-devel-7.4-150300.4.10.1
libfrr0-7.4-150300.4.10.1
libfrr_pb0-7.4-150300.4.10.1
libfrrcares0-7.4-150300.4.10.1
libfrrfpm_pb0-7.4-150300.4.10.1
libfrrgrpc_pb0-7.4-150300.4.10.1
libfrrospfapiclient0-7.4-150300.4.10.1
libfrrsnmp0-7.4-150300.4.10.1
libfrrzmq0-7.4-150300.4.10.1
libmlag_pb0-7.4-150300.4.10.1
openSUSE Leap 15.4
frr-7.4-150300.4.10.1
frr-devel-7.4-150300.4.10.1
libfrr0-7.4-150300.4.10.1
libfrr_pb0-7.4-150300.4.10.1
libfrrcares0-7.4-150300.4.10.1
libfrrfpm_pb0-7.4-150300.4.10.1
libfrrgrpc_pb0-7.4-150300.4.10.1
libfrrospfapiclient0-7.4-150300.4.10.1
libfrrsnmp0-7.4-150300.4.10.1
libfrrzmq0-7.4-150300.4.10.1
libmlag_pb0-7.4-150300.4.10.1
References
- Link for SUSE-SU-2022:4130-1
- E-Mail link for SUSE-SU-2022:4130-1
- SUSE Security Ratings
- SUSE Bug 1202085
- SUSE Bug 1204124
- SUSE CVE CVE-2022-37035 page
- SUSE CVE CVE-2022-42917 page
Description
An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.
Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-7.4-150300.4.10.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-devel-7.4-150300.4.10.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr0-7.4-150300.4.10.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr_pb0-7.4-150300.4.10.1
References
- CVE-2022-37035
- SUSE Bug 1202085
Description
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-7.4-150300.4.10.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:frr-devel-7.4-150300.4.10.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr0-7.4-150300.4.10.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:libfrr_pb0-7.4-150300.4.10.1
References
- CVE-2022-42917
- SUSE Bug 1204124