SUSE-SU-2024:3433-1

Published: 25 Sep 2024
Source: suse-cvrf

Description

Security update for quagga

This update for quagga fixes the following issues:

  • CVE-2017-15865: sensitive information disclosed when malformed BGP UPDATE packets are processed. (bsc#1230866)
  • CVE-2024-44070: crash when parsing Tunnel Encap attribute due to no length check. (bsc#1229438)
  • CVE-2022-37032: out-of-bounds read when parsing a BGP capability message due to incorrect size check. (bsc#1202023)

Package list

SUSE Enterprise Storage 7.1
libfpm_pb0-1.1.1-150000.4.6.1
libospf0-1.1.1-150000.4.6.1
libospfapiclient0-1.1.1-150000.4.6.1
libquagga_pb0-1.1.1-150000.4.6.1
libzebra1-1.1.1-150000.4.6.1
quagga-1.1.1-150000.4.6.1
quagga-devel-1.1.1-150000.4.6.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libfpm_pb0-1.1.1-150000.4.6.1
libospf0-1.1.1-150000.4.6.1
libospfapiclient0-1.1.1-150000.4.6.1
libquagga_pb0-1.1.1-150000.4.6.1
libzebra1-1.1.1-150000.4.6.1
quagga-1.1.1-150000.4.6.1
quagga-devel-1.1.1-150000.4.6.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libfpm_pb0-1.1.1-150000.4.6.1
libospf0-1.1.1-150000.4.6.1
libospfapiclient0-1.1.1-150000.4.6.1
libquagga_pb0-1.1.1-150000.4.6.1
libzebra1-1.1.1-150000.4.6.1
quagga-1.1.1-150000.4.6.1
quagga-devel-1.1.1-150000.4.6.1
SUSE Linux Enterprise Server 15 SP2-LTSS
libfpm_pb0-1.1.1-150000.4.6.1
libospf0-1.1.1-150000.4.6.1
libospfapiclient0-1.1.1-150000.4.6.1
libquagga_pb0-1.1.1-150000.4.6.1
libzebra1-1.1.1-150000.4.6.1
quagga-1.1.1-150000.4.6.1
quagga-devel-1.1.1-150000.4.6.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libfpm_pb0-1.1.1-150000.4.6.1
libospf0-1.1.1-150000.4.6.1
libospfapiclient0-1.1.1-150000.4.6.1
libquagga_pb0-1.1.1-150000.4.6.1
libzebra1-1.1.1-150000.4.6.1
quagga-1.1.1-150000.4.6.1
quagga-devel-1.1.1-150000.4.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libfpm_pb0-1.1.1-150000.4.6.1
libospf0-1.1.1-150000.4.6.1
libospfapiclient0-1.1.1-150000.4.6.1
libquagga_pb0-1.1.1-150000.4.6.1
libzebra1-1.1.1-150000.4.6.1
quagga-1.1.1-150000.4.6.1
quagga-devel-1.1.1-150000.4.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libfpm_pb0-1.1.1-150000.4.6.1
libospf0-1.1.1-150000.4.6.1
libospfapiclient0-1.1.1-150000.4.6.1
libquagga_pb0-1.1.1-150000.4.6.1
libzebra1-1.1.1-150000.4.6.1
quagga-1.1.1-150000.4.6.1
quagga-devel-1.1.1-150000.4.6.1

Description

bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).


Affected products
SUSE Enterprise Storage 7.1:libfpm_pb0-1.1.1-150000.4.6.1
SUSE Enterprise Storage 7.1:libospf0-1.1.1-150000.4.6.1
SUSE Enterprise Storage 7.1:libospfapiclient0-1.1.1-150000.4.6.1
SUSE Enterprise Storage 7.1:libquagga_pb0-1.1.1-150000.4.6.1

Description

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.


Affected products
SUSE Enterprise Storage 7.1:libfpm_pb0-1.1.1-150000.4.6.1
SUSE Enterprise Storage 7.1:libospf0-1.1.1-150000.4.6.1
SUSE Enterprise Storage 7.1:libospfapiclient0-1.1.1-150000.4.6.1
SUSE Enterprise Storage 7.1:libquagga_pb0-1.1.1-150000.4.6.1

Description

An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.


Affected products
SUSE Enterprise Storage 7.1:libfpm_pb0-1.1.1-150000.4.6.1
SUSE Enterprise Storage 7.1:libospf0-1.1.1-150000.4.6.1
SUSE Enterprise Storage 7.1:libospfapiclient0-1.1.1-150000.4.6.1
SUSE Enterprise Storage 7.1:libquagga_pb0-1.1.1-150000.4.6.1
