Описание
Security update for frr
This update for frr fixes the following issues:
- CVE-2024-27913: Fixed a denial of service issue via a malformed OSPF LSA packet (bsc#1220548).
- CVE-2024-31948: Fixed denial of service due to malformed Prefix SID attribute in BGP Update packet (bsc#1222518).
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15 SP5
frr-8.4-150500.4.20.1
frr-devel-8.4-150500.4.20.1
libfrr0-8.4-150500.4.20.1
libfrr_pb0-8.4-150500.4.20.1
libfrrcares0-8.4-150500.4.20.1
libfrrfpm_pb0-8.4-150500.4.20.1
libfrrospfapiclient0-8.4-150500.4.20.1
libfrrsnmp0-8.4-150500.4.20.1
libfrrzmq0-8.4-150500.4.20.1
libmlag_pb0-8.4-150500.4.20.1
openSUSE Leap 15.5
frr-8.4-150500.4.20.1
frr-devel-8.4-150500.4.20.1
libfrr0-8.4-150500.4.20.1
libfrr_pb0-8.4-150500.4.20.1
libfrrcares0-8.4-150500.4.20.1
libfrrfpm_pb0-8.4-150500.4.20.1
libfrrospfapiclient0-8.4-150500.4.20.1
libfrrsnmp0-8.4-150500.4.20.1
libfrrzmq0-8.4-150500.4.20.1
libmlag_pb0-8.4-150500.4.20.1
Ссылки
- Link for SUSE-SU-2024:1453-1
- E-Mail link for SUSE-SU-2024:1453-1
- SUSE Security Ratings
- SUSE Bug 1220548
- SUSE Bug 1222518
- SUSE CVE CVE-2024-27913 page
- SUSE CVE CVE-2024-31948 page
Описание
ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-8.4-150500.4.20.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-devel-8.4-150500.4.20.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr0-8.4-150500.4.20.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr_pb0-8.4-150500.4.20.1
Ссылки
- CVE-2024-27913
- SUSE Bug 1220548
Описание
In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-8.4-150500.4.20.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-devel-8.4-150500.4.20.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr0-8.4-150500.4.20.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr_pb0-8.4-150500.4.20.1
Ссылки
- CVE-2024-31948
- SUSE Bug 1222518