SUSE-SU-2023:4483-1

Опубликовано: 20 нояб. 2023

Источник: suse-cvrf

Описание

Security update for frr

This update for frr fixes the following issues:

CVE-2023-46752: Fixed denial of service caused by mishandling malformed MP_REACH_NLRI data (bsc#1216627).
CVE-2023-46753: Fixed denial of service caused by crafted BGP UPDATE messages (bsc#1216626).

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP4

frr-7.4-150300.4.20.1

frr-devel-7.4-150300.4.20.1

libfrr0-7.4-150300.4.20.1

libfrr_pb0-7.4-150300.4.20.1

libfrrcares0-7.4-150300.4.20.1

libfrrfpm_pb0-7.4-150300.4.20.1

libfrrgrpc_pb0-7.4-150300.4.20.1

libfrrospfapiclient0-7.4-150300.4.20.1

libfrrsnmp0-7.4-150300.4.20.1

libfrrzmq0-7.4-150300.4.20.1

libmlag_pb0-7.4-150300.4.20.1

openSUSE Leap 15.4

frr-7.4-150300.4.20.1

frr-devel-7.4-150300.4.20.1

libfrr0-7.4-150300.4.20.1

libfrr_pb0-7.4-150300.4.20.1

libfrrcares0-7.4-150300.4.20.1

libfrrfpm_pb0-7.4-150300.4.20.1

libfrrgrpc_pb0-7.4-150300.4.20.1

libfrrospfapiclient0-7.4-150300.4.20.1

libfrrsnmp0-7.4-150300.4.20.1

libfrrzmq0-7.4-150300.4.20.1

libmlag_pb0-7.4-150300.4.20.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20234483-1/
Link for SUSE-SU-2023:4483-1
https://lists.suse.com/pipermail/sle-security-updates/2023-November/017127.html
E-Mail link for SUSE-SU-2023:4483-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1216626
SUSE Bug 1216626
https://bugzilla.suse.com/1216627
SUSE Bug 1216627
https://www.suse.com/security/cve/CVE-2023-46752/
SUSE CVE CVE-2023-46752 page
https://www.suse.com/security/cve/CVE-2023-46753/
SUSE CVE CVE-2023-46753 page

Описание

An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.

Затронутые продукты

SUSE Linux Enterprise Module for Server Applications 15 SP4:frr-7.4-150300.4.20.1

SUSE Linux Enterprise Module for Server Applications 15 SP4:frr-devel-7.4-150300.4.20.1

SUSE Linux Enterprise Module for Server Applications 15 SP4:libfrr0-7.4-150300.4.20.1

SUSE Linux Enterprise Module for Server Applications 15 SP4:libfrr_pb0-7.4-150300.4.20.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-46752.html
CVE-2023-46752
https://bugzilla.suse.com/1216627
SUSE Bug 1216627

Описание

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.

Затронутые продукты

SUSE Linux Enterprise Module for Server Applications 15 SP4:frr-7.4-150300.4.20.1

SUSE Linux Enterprise Module for Server Applications 15 SP4:frr-devel-7.4-150300.4.20.1

SUSE Linux Enterprise Module for Server Applications 15 SP4:libfrr0-7.4-150300.4.20.1

SUSE Linux Enterprise Module for Server Applications 15 SP4:libfrr_pb0-7.4-150300.4.20.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-46753.html
CVE-2023-46753
https://bugzilla.suse.com/1216626
SUSE Bug 1216626

SUSE-SU-2023:4483-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2023-46752

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-46753

Описание

Затронутые продукты

Ссылки