SUSE-SU-2023:4663-1

Published: 06 Dec 2023
Source: suse-cvrf

Description

Security update for frr

This update for frr fixes the following issues:

  • CVE-2023-47235: Fixed a denial of service that occurs when a malformed BGP UPDATE message with an EOR is processed (bsc#1216896).
  • CVE-2023-47234: Fixed a denial of service caused by a crafted BGP UPDATE message with an MP_UNREACH_NLRI attribute (bsc#1216897).
  • CVE-2023-38407: Fixed a read beyond the end of the stream during labeled unicast parsing (bsc#1216899).
  • CVE-2023-38406: Fixed mishandling of an NLRI length of zero, aka a "flowspec overflow" (bsc#1216900).

Package list

SUSE Linux Enterprise Module for Server Applications 15 SP5
  • frr-8.4-150500.4.15.1
  • frr-devel-8.4-150500.4.15.1
  • libfrr0-8.4-150500.4.15.1
  • libfrr_pb0-8.4-150500.4.15.1
  • libfrrcares0-8.4-150500.4.15.1
  • libfrrfpm_pb0-8.4-150500.4.15.1
  • libfrrospfapiclient0-8.4-150500.4.15.1
  • libfrrsnmp0-8.4-150500.4.15.1
  • libfrrzmq0-8.4-150500.4.15.1
  • libmlag_pb0-8.4-150500.4.15.1

openSUSE Leap 15.5
  • frr-8.4-150500.4.15.1
  • frr-devel-8.4-150500.4.15.1
  • libfrr0-8.4-150500.4.15.1
  • libfrr_pb0-8.4-150500.4.15.1
  • libfrrcares0-8.4-150500.4.15.1
  • libfrrfpm_pb0-8.4-150500.4.15.1
  • libfrrospfapiclient0-8.4-150500.4.15.1
  • libfrrsnmp0-8.4-150500.4.15.1
  • libfrrzmq0-8.4-150500.4.15.1
  • libmlag_pb0-8.4-150500.4.15.1

Description (CVE-2023-38406)

bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."

Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-8.4-150500.4.15.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-devel-8.4-150500.4.15.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr0-8.4-150500.4.15.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr_pb0-8.4-150500.4.15.1


Description (CVE-2023-38407)

bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.

Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-8.4-150500.4.15.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-devel-8.4-150500.4.15.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr0-8.4-150500.4.15.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr_pb0-8.4-150500.4.15.1


Description (CVE-2023-47234)

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with an MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).

Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-8.4-150500.4.15.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-devel-8.4-150500.4.15.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr0-8.4-150500.4.15.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr_pb0-8.4-150500.4.15.1


Description (CVE-2023-47235)

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.

Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-8.4-150500.4.15.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-devel-8.4-150500.4.15.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr0-8.4-150500.4.15.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr_pb0-8.4-150500.4.15.1

References

Vulnerability SUSE-SU-2023:4663-1