SUSE-SU-2023:4473-1

Опубликовано: 17 нояб. 2023

Источник: suse-cvrf

Описание

Security update for frr

This update for frr fixes the following issues:

CVE-2023-46753: Fixed a crash caused from a crafted BGP UPDATE message. (bsc#1216626)
CVE-2023-46752: Fixed a crash caused from a mishandled malformed MP_REACH_NLRI data. (bsc#1216627)

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP5

frr-8.4-150500.4.11.1

frr-devel-8.4-150500.4.11.1

libfrr0-8.4-150500.4.11.1

libfrr_pb0-8.4-150500.4.11.1

libfrrcares0-8.4-150500.4.11.1

libfrrfpm_pb0-8.4-150500.4.11.1

libfrrospfapiclient0-8.4-150500.4.11.1

libfrrsnmp0-8.4-150500.4.11.1

libfrrzmq0-8.4-150500.4.11.1

libmlag_pb0-8.4-150500.4.11.1

openSUSE Leap 15.5

frr-8.4-150500.4.11.1

frr-devel-8.4-150500.4.11.1

libfrr0-8.4-150500.4.11.1

libfrr_pb0-8.4-150500.4.11.1

libfrrcares0-8.4-150500.4.11.1

libfrrfpm_pb0-8.4-150500.4.11.1

libfrrospfapiclient0-8.4-150500.4.11.1

libfrrsnmp0-8.4-150500.4.11.1

libfrrzmq0-8.4-150500.4.11.1

libmlag_pb0-8.4-150500.4.11.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20234473-1/
Link for SUSE-SU-2023:4473-1
https://lists.suse.com/pipermail/sle-security-updates/2023-November/017060.html
E-Mail link for SUSE-SU-2023:4473-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1216626
SUSE Bug 1216626
https://bugzilla.suse.com/1216627
SUSE Bug 1216627
https://www.suse.com/security/cve/CVE-2023-46752/
SUSE CVE CVE-2023-46752 page
https://www.suse.com/security/cve/CVE-2023-46753/
SUSE CVE CVE-2023-46753 page

Описание

An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.

Затронутые продукты

SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-8.4-150500.4.11.1

SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-devel-8.4-150500.4.11.1

SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr0-8.4-150500.4.11.1

SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr_pb0-8.4-150500.4.11.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-46752.html
CVE-2023-46752
https://bugzilla.suse.com/1216627
SUSE Bug 1216627

Описание

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.

Затронутые продукты

SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-8.4-150500.4.11.1

SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-devel-8.4-150500.4.11.1

SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr0-8.4-150500.4.11.1

SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr_pb0-8.4-150500.4.11.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-46753.html
CVE-2023-46753
https://bugzilla.suse.com/1216626
SUSE Bug 1216626

SUSE-SU-2023:4473-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP5

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2023-46752

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-46753

Описание

Затронутые продукты

Ссылки