Description
Security update for frr
This update for frr fixes the following issues:
- CVE-2024-44070: Fixed missing stream length check before TLV value is taken in bgp_attr_encap (bsc#1229438)
Package list
SUSE Linux Enterprise Module for Server Applications 15 SP5
frr-8.4-150500.4.26.1
frr-devel-8.4-150500.4.26.1
libfrr0-8.4-150500.4.26.1
libfrr_pb0-8.4-150500.4.26.1
libfrrcares0-8.4-150500.4.26.1
libfrrfpm_pb0-8.4-150500.4.26.1
libfrrospfapiclient0-8.4-150500.4.26.1
libfrrsnmp0-8.4-150500.4.26.1
libfrrzmq0-8.4-150500.4.26.1
libmlag_pb0-8.4-150500.4.26.1
SUSE Linux Enterprise Module for Server Applications 15 SP6
frr-8.4-150500.4.26.1
frr-devel-8.4-150500.4.26.1
libfrr0-8.4-150500.4.26.1
libfrr_pb0-8.4-150500.4.26.1
libfrrcares0-8.4-150500.4.26.1
libfrrfpm_pb0-8.4-150500.4.26.1
libfrrospfapiclient0-8.4-150500.4.26.1
libfrrsnmp0-8.4-150500.4.26.1
libfrrzmq0-8.4-150500.4.26.1
libmlag_pb0-8.4-150500.4.26.1
openSUSE Leap 15.5
frr-8.4-150500.4.26.1
frr-devel-8.4-150500.4.26.1
libfrr0-8.4-150500.4.26.1
libfrr_pb0-8.4-150500.4.26.1
libfrrcares0-8.4-150500.4.26.1
libfrrfpm_pb0-8.4-150500.4.26.1
libfrrospfapiclient0-8.4-150500.4.26.1
libfrrsnmp0-8.4-150500.4.26.1
libfrrzmq0-8.4-150500.4.26.1
libmlag_pb0-8.4-150500.4.26.1
openSUSE Leap 15.6
frr-8.4-150500.4.26.1
frr-devel-8.4-150500.4.26.1
libfrr0-8.4-150500.4.26.1
libfrr_pb0-8.4-150500.4.26.1
libfrrcares0-8.4-150500.4.26.1
libfrrfpm_pb0-8.4-150500.4.26.1
libfrrospfapiclient0-8.4-150500.4.26.1
libfrrsnmp0-8.4-150500.4.26.1
libfrrzmq0-8.4-150500.4.26.1
libmlag_pb0-8.4-150500.4.26.1
References
- Link for SUSE-SU-2024:3108-1
- E-Mail link for SUSE-SU-2024:3108-1
- SUSE Security Ratings
- SUSE Bug 1229438
- SUSE CVE CVE-2024-44070 page
Description
An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.
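The class of check described above, as an added example (not FRR's code or its patch): a sub-TLV walker that validates each value length against both the declared attribute length and the bytes actually left in the buffer. The `cursor` struct, `parse_subtlvs`, and the 1-byte type / 1-byte length layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical minimal read cursor; this is not FRR's struct stream. */
struct cursor {
    const uint8_t *buf;
    size_t len; /* bytes actually present in the buffer */
    size_t pos; /* offset of the next byte to read */
};

static size_t cur_remaining(const struct cursor *c)
{
    return c->len - c->pos;
}

/*
 * Walk sub-TLVs (assumed layout: 1-byte type, 1-byte length, value).
 * attr_len is the sender-declared length of the whole attribute and is
 * untrusted: it may claim more bytes than the buffer really holds.
 * Returns the number of sub-TLVs walked, or -1 if the input is malformed.
 */
int parse_subtlvs(struct cursor *c, size_t attr_len)
{
    int count = 0;

    while (attr_len > 0) {
        /* The 2-byte header must fit in the declared AND the real length. */
        if (attr_len < 2 || cur_remaining(c) < 2)
            return -1;
        uint8_t type = c->buf[c->pos++];
        uint8_t vlen = c->buf[c->pos++];
        attr_len -= 2;
        (void)type; /* a real parser would dispatch on the type here */

        /* Checking only the declared length is the flaw: also confirm
         * the value fits in the bytes that are actually left. */
        if (vlen > attr_len || vlen > cur_remaining(c))
            return -1;
        c->pos += vlen; /* the value would be copied out at this point */
        attr_len -= vlen;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed input: sub-TLV claims 10 value bytes, only 2 present. */
    const uint8_t bad[] = {1, 10, 0xAA, 0xBB};
    struct cursor c = {bad, sizeof bad, 0};
    return parse_subtlvs(&c, 12) == -1 ? 0 : 1;
}
```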
Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-8.4-150500.4.26.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:frr-devel-8.4-150500.4.26.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr0-8.4-150500.4.26.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:libfrr_pb0-8.4-150500.4.26.1
References
- CVE-2024-44070
- SUSE Bug 1229438