Описание
Security update for quagga
This update for quagga fixes the following issues:
- CVE-2017-15865: sensitive information disclosed when malformed BGP UPDATE packets are processed. (bsc#1230866)
- CVE-2024-44070: crash when parsing Tunnel Encap attribute due to no length check. (bsc#1229438)
- CVE-2022-37032: out-of-bounds read when parsing a BGP capability message due to incorrect size check. (bsc#1202023)
Bug fixes:
- References to /var/adm/fillup-templates replaced with new %_fillupdir macro. (bsc#1069468)
Список пакетов
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
Ссылки
- Link for SUSE-SU-2024:3426-1
- E-Mail link for SUSE-SU-2024:3426-1
- SUSE Security Ratings
- SUSE Bug 1069468
- SUSE Bug 1079798
- SUSE Bug 1079799
- SUSE Bug 1079800
- SUSE Bug 1079801
- SUSE Bug 1202023
- SUSE Bug 1229438
- SUSE Bug 1230866
- SUSE CVE CVE-2017-15865 page
- SUSE CVE CVE-2018-5378 page
- SUSE CVE CVE-2018-5379 page
- SUSE CVE CVE-2018-5380 page
- SUSE CVE CVE-2018-5381 page
- SUSE CVE CVE-2022-37032 page
- SUSE CVE CVE-2024-44070 page
Описание
bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).
Затронутые продукты
Ссылки
- CVE-2017-15865
- SUSE Bug 1230866
Описание
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
Затронутые продукты
Ссылки
- CVE-2018-5378
- SUSE Bug 1079798
Описание
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.
Затронутые продукты
Ссылки
- CVE-2018-5379
- SUSE Bug 1079799
Описание
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
Затронутые продукты
Ссылки
- CVE-2018-5380
- SUSE Bug 1079800
Описание
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.
Затронутые продукты
Ссылки
- CVE-2018-5381
- SUSE Bug 1079801
Описание
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.
Затронутые продукты
Ссылки
- CVE-2022-37032
- SUSE Bug 1202023
Описание
An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.
Затронутые продукты
Ссылки
- CVE-2024-44070
- SUSE Bug 1229438