Description
Security update for frr
This update for frr fixes the following issues:
- CVE-2023-38406: Fixed nlri length of zero mishandling, aka 'flowspec overflow'. (bsc#1216900)
- CVE-2023-47235: Fixed a crash on malformed BGP UPDATE message with an EOR, because the presence of EOR does not lead to a treat-as-withdraw outcome. (bsc#1216896)
- CVE-2023-47234: Fixed a crash on crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data. (bsc#1216897)
- CVE-2023-38407: Fixed attempts to read beyond the end of the stream during labeled unicast parsing. (bsc#1216899)
Package list
SUSE Enterprise Storage 7.1
frr-7.4-150300.4.26.1
frr-devel-7.4-150300.4.26.1
libfrr0-7.4-150300.4.26.1
libfrr_pb0-7.4-150300.4.26.1
libfrrcares0-7.4-150300.4.26.1
libfrrfpm_pb0-7.4-150300.4.26.1
libfrrgrpc_pb0-7.4-150300.4.26.1
libfrrospfapiclient0-7.4-150300.4.26.1
libfrrsnmp0-7.4-150300.4.26.1
libfrrzmq0-7.4-150300.4.26.1
libmlag_pb0-7.4-150300.4.26.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
frr-7.4-150300.4.26.1
frr-devel-7.4-150300.4.26.1
libfrr0-7.4-150300.4.26.1
libfrr_pb0-7.4-150300.4.26.1
libfrrcares0-7.4-150300.4.26.1
libfrrfpm_pb0-7.4-150300.4.26.1
libfrrgrpc_pb0-7.4-150300.4.26.1
libfrrospfapiclient0-7.4-150300.4.26.1
libfrrsnmp0-7.4-150300.4.26.1
libfrrzmq0-7.4-150300.4.26.1
libmlag_pb0-7.4-150300.4.26.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
frr-7.4-150300.4.26.1
frr-devel-7.4-150300.4.26.1
libfrr0-7.4-150300.4.26.1
libfrr_pb0-7.4-150300.4.26.1
libfrrcares0-7.4-150300.4.26.1
libfrrfpm_pb0-7.4-150300.4.26.1
libfrrgrpc_pb0-7.4-150300.4.26.1
libfrrospfapiclient0-7.4-150300.4.26.1
libfrrsnmp0-7.4-150300.4.26.1
libfrrzmq0-7.4-150300.4.26.1
libmlag_pb0-7.4-150300.4.26.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
frr-7.4-150300.4.26.1
frr-devel-7.4-150300.4.26.1
libfrr0-7.4-150300.4.26.1
libfrr_pb0-7.4-150300.4.26.1
libfrrcares0-7.4-150300.4.26.1
libfrrfpm_pb0-7.4-150300.4.26.1
libfrrgrpc_pb0-7.4-150300.4.26.1
libfrrospfapiclient0-7.4-150300.4.26.1
libfrrsnmp0-7.4-150300.4.26.1
libfrrzmq0-7.4-150300.4.26.1
libmlag_pb0-7.4-150300.4.26.1
SUSE Linux Enterprise Server 15 SP3-LTSS
frr-7.4-150300.4.26.1
frr-devel-7.4-150300.4.26.1
libfrr0-7.4-150300.4.26.1
libfrr_pb0-7.4-150300.4.26.1
libfrrcares0-7.4-150300.4.26.1
libfrrfpm_pb0-7.4-150300.4.26.1
libfrrgrpc_pb0-7.4-150300.4.26.1
libfrrospfapiclient0-7.4-150300.4.26.1
libfrrsnmp0-7.4-150300.4.26.1
libfrrzmq0-7.4-150300.4.26.1
libmlag_pb0-7.4-150300.4.26.1
SUSE Linux Enterprise Server 15 SP4-LTSS
frr-7.4-150300.4.26.1
frr-devel-7.4-150300.4.26.1
libfrr0-7.4-150300.4.26.1
libfrr_pb0-7.4-150300.4.26.1
libfrrcares0-7.4-150300.4.26.1
libfrrfpm_pb0-7.4-150300.4.26.1
libfrrgrpc_pb0-7.4-150300.4.26.1
libfrrospfapiclient0-7.4-150300.4.26.1
libfrrsnmp0-7.4-150300.4.26.1
libfrrzmq0-7.4-150300.4.26.1
libmlag_pb0-7.4-150300.4.26.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
frr-7.4-150300.4.26.1
frr-devel-7.4-150300.4.26.1
libfrr0-7.4-150300.4.26.1
libfrr_pb0-7.4-150300.4.26.1
libfrrcares0-7.4-150300.4.26.1
libfrrfpm_pb0-7.4-150300.4.26.1
libfrrgrpc_pb0-7.4-150300.4.26.1
libfrrospfapiclient0-7.4-150300.4.26.1
libfrrsnmp0-7.4-150300.4.26.1
libfrrzmq0-7.4-150300.4.26.1
libmlag_pb0-7.4-150300.4.26.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
frr-7.4-150300.4.26.1
frr-devel-7.4-150300.4.26.1
libfrr0-7.4-150300.4.26.1
libfrr_pb0-7.4-150300.4.26.1
libfrrcares0-7.4-150300.4.26.1
libfrrfpm_pb0-7.4-150300.4.26.1
libfrrgrpc_pb0-7.4-150300.4.26.1
libfrrospfapiclient0-7.4-150300.4.26.1
libfrrsnmp0-7.4-150300.4.26.1
libfrrzmq0-7.4-150300.4.26.1
libmlag_pb0-7.4-150300.4.26.1
SUSE Manager Proxy 4.3
frr-7.4-150300.4.26.1
frr-devel-7.4-150300.4.26.1
libfrr0-7.4-150300.4.26.1
libfrr_pb0-7.4-150300.4.26.1
libfrrcares0-7.4-150300.4.26.1
libfrrfpm_pb0-7.4-150300.4.26.1
libfrrgrpc_pb0-7.4-150300.4.26.1
libfrrospfapiclient0-7.4-150300.4.26.1
libfrrsnmp0-7.4-150300.4.26.1
libfrrzmq0-7.4-150300.4.26.1
libmlag_pb0-7.4-150300.4.26.1
SUSE Manager Server 4.3
frr-7.4-150300.4.26.1
frr-devel-7.4-150300.4.26.1
libfrr0-7.4-150300.4.26.1
libfrr_pb0-7.4-150300.4.26.1
libfrrcares0-7.4-150300.4.26.1
libfrrfpm_pb0-7.4-150300.4.26.1
libfrrgrpc_pb0-7.4-150300.4.26.1
libfrrospfapiclient0-7.4-150300.4.26.1
libfrrsnmp0-7.4-150300.4.26.1
libfrrzmq0-7.4-150300.4.26.1
libmlag_pb0-7.4-150300.4.26.1
References
- Link for SUSE-SU-2024:2245-1
- E-Mail link for SUSE-SU-2024:2245-1
- SUSE Security Ratings
- SUSE Bug 1216896
- SUSE Bug 1216897
- SUSE Bug 1216899
- SUSE Bug 1216900
- SUSE CVE CVE-2023-38406 page
- SUSE CVE CVE-2023-38407 page
- SUSE CVE CVE-2023-47234 page
- SUSE CVE CVE-2023-47235 page
Description
bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."
Affected products
SUSE Enterprise Storage 7.1:frr-7.4-150300.4.26.1
SUSE Enterprise Storage 7.1:frr-devel-7.4-150300.4.26.1
SUSE Enterprise Storage 7.1:libfrr0-7.4-150300.4.26.1
SUSE Enterprise Storage 7.1:libfrr_pb0-7.4-150300.4.26.1
References
- CVE-2023-38406
- SUSE Bug 1216900
Description
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
Affected products
SUSE Enterprise Storage 7.1:frr-7.4-150300.4.26.1
SUSE Enterprise Storage 7.1:frr-devel-7.4-150300.4.26.1
SUSE Enterprise Storage 7.1:libfrr0-7.4-150300.4.26.1
SUSE Enterprise Storage 7.1:libfrr_pb0-7.4-150300.4.26.1
References
- CVE-2023-38407
- SUSE Bug 1216899
Description
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).
Affected products
SUSE Enterprise Storage 7.1:frr-7.4-150300.4.26.1
SUSE Enterprise Storage 7.1:frr-devel-7.4-150300.4.26.1
SUSE Enterprise Storage 7.1:libfrr0-7.4-150300.4.26.1
SUSE Enterprise Storage 7.1:libfrr_pb0-7.4-150300.4.26.1
References
- CVE-2023-47234
- SUSE Bug 1216897
Description
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
Affected products
SUSE Enterprise Storage 7.1:frr-7.4-150300.4.26.1
SUSE Enterprise Storage 7.1:frr-devel-7.4-150300.4.26.1
SUSE Enterprise Storage 7.1:libfrr0-7.4-150300.4.26.1
SUSE Enterprise Storage 7.1:libfrr_pb0-7.4-150300.4.26.1
References
- CVE-2023-47235
- SUSE Bug 1216896