Description
Security update for frr
This update for frr fixes the following issue:
- Arithmetic overflow when parsing attribute of update packet due to regression introduced by the fix for CVE-2017-15865. (bsc#1230866)
Package list
SUSE Enterprise Storage 7.1
frr-7.4-150300.4.32.1
frr-devel-7.4-150300.4.32.1
libfrr0-7.4-150300.4.32.1
libfrr_pb0-7.4-150300.4.32.1
libfrrcares0-7.4-150300.4.32.1
libfrrfpm_pb0-7.4-150300.4.32.1
libfrrgrpc_pb0-7.4-150300.4.32.1
libfrrospfapiclient0-7.4-150300.4.32.1
libfrrsnmp0-7.4-150300.4.32.1
libfrrzmq0-7.4-150300.4.32.1
libmlag_pb0-7.4-150300.4.32.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
frr-7.4-150300.4.32.1
frr-devel-7.4-150300.4.32.1
libfrr0-7.4-150300.4.32.1
libfrr_pb0-7.4-150300.4.32.1
libfrrcares0-7.4-150300.4.32.1
libfrrfpm_pb0-7.4-150300.4.32.1
libfrrgrpc_pb0-7.4-150300.4.32.1
libfrrospfapiclient0-7.4-150300.4.32.1
libfrrsnmp0-7.4-150300.4.32.1
libfrrzmq0-7.4-150300.4.32.1
libmlag_pb0-7.4-150300.4.32.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
frr-7.4-150300.4.32.1
frr-devel-7.4-150300.4.32.1
libfrr0-7.4-150300.4.32.1
libfrr_pb0-7.4-150300.4.32.1
libfrrcares0-7.4-150300.4.32.1
libfrrfpm_pb0-7.4-150300.4.32.1
libfrrgrpc_pb0-7.4-150300.4.32.1
libfrrospfapiclient0-7.4-150300.4.32.1
libfrrsnmp0-7.4-150300.4.32.1
libfrrzmq0-7.4-150300.4.32.1
libmlag_pb0-7.4-150300.4.32.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
frr-7.4-150300.4.32.1
frr-devel-7.4-150300.4.32.1
libfrr0-7.4-150300.4.32.1
libfrr_pb0-7.4-150300.4.32.1
libfrrcares0-7.4-150300.4.32.1
libfrrfpm_pb0-7.4-150300.4.32.1
libfrrgrpc_pb0-7.4-150300.4.32.1
libfrrospfapiclient0-7.4-150300.4.32.1
libfrrsnmp0-7.4-150300.4.32.1
libfrrzmq0-7.4-150300.4.32.1
libmlag_pb0-7.4-150300.4.32.1
SUSE Linux Enterprise Server 15 SP3-LTSS
frr-7.4-150300.4.32.1
frr-devel-7.4-150300.4.32.1
libfrr0-7.4-150300.4.32.1
libfrr_pb0-7.4-150300.4.32.1
libfrrcares0-7.4-150300.4.32.1
libfrrfpm_pb0-7.4-150300.4.32.1
libfrrgrpc_pb0-7.4-150300.4.32.1
libfrrospfapiclient0-7.4-150300.4.32.1
libfrrsnmp0-7.4-150300.4.32.1
libfrrzmq0-7.4-150300.4.32.1
libmlag_pb0-7.4-150300.4.32.1
SUSE Linux Enterprise Server 15 SP4-LTSS
frr-7.4-150300.4.32.1
frr-devel-7.4-150300.4.32.1
libfrr0-7.4-150300.4.32.1
libfrr_pb0-7.4-150300.4.32.1
libfrrcares0-7.4-150300.4.32.1
libfrrfpm_pb0-7.4-150300.4.32.1
libfrrgrpc_pb0-7.4-150300.4.32.1
libfrrospfapiclient0-7.4-150300.4.32.1
libfrrsnmp0-7.4-150300.4.32.1
libfrrzmq0-7.4-150300.4.32.1
libmlag_pb0-7.4-150300.4.32.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
frr-7.4-150300.4.32.1
frr-devel-7.4-150300.4.32.1
libfrr0-7.4-150300.4.32.1
libfrr_pb0-7.4-150300.4.32.1
libfrrcares0-7.4-150300.4.32.1
libfrrfpm_pb0-7.4-150300.4.32.1
libfrrgrpc_pb0-7.4-150300.4.32.1
libfrrospfapiclient0-7.4-150300.4.32.1
libfrrsnmp0-7.4-150300.4.32.1
libfrrzmq0-7.4-150300.4.32.1
libmlag_pb0-7.4-150300.4.32.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
frr-7.4-150300.4.32.1
frr-devel-7.4-150300.4.32.1
libfrr0-7.4-150300.4.32.1
libfrr_pb0-7.4-150300.4.32.1
libfrrcares0-7.4-150300.4.32.1
libfrrfpm_pb0-7.4-150300.4.32.1
libfrrgrpc_pb0-7.4-150300.4.32.1
libfrrospfapiclient0-7.4-150300.4.32.1
libfrrsnmp0-7.4-150300.4.32.1
libfrrzmq0-7.4-150300.4.32.1
libmlag_pb0-7.4-150300.4.32.1
SUSE Manager Proxy 4.3
frr-7.4-150300.4.32.1
frr-devel-7.4-150300.4.32.1
libfrr0-7.4-150300.4.32.1
libfrr_pb0-7.4-150300.4.32.1
libfrrcares0-7.4-150300.4.32.1
libfrrfpm_pb0-7.4-150300.4.32.1
libfrrgrpc_pb0-7.4-150300.4.32.1
libfrrospfapiclient0-7.4-150300.4.32.1
libfrrsnmp0-7.4-150300.4.32.1
libfrrzmq0-7.4-150300.4.32.1
libmlag_pb0-7.4-150300.4.32.1
SUSE Manager Server 4.3
frr-7.4-150300.4.32.1
frr-devel-7.4-150300.4.32.1
libfrr0-7.4-150300.4.32.1
libfrr_pb0-7.4-150300.4.32.1
libfrrcares0-7.4-150300.4.32.1
libfrrfpm_pb0-7.4-150300.4.32.1
libfrrgrpc_pb0-7.4-150300.4.32.1
libfrrospfapiclient0-7.4-150300.4.32.1
libfrrsnmp0-7.4-150300.4.32.1
libfrrzmq0-7.4-150300.4.32.1
libmlag_pb0-7.4-150300.4.32.1
References
- Link for SUSE-SU-2024:3524-1
- E-Mail link for SUSE-SU-2024:3524-1
- SUSE Security Ratings
- SUSE Bug 1230866
- SUSE CVE CVE-2017-15865 page
Description
bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).
Affected products
SUSE Enterprise Storage 7.1:frr-7.4-150300.4.32.1
SUSE Enterprise Storage 7.1:frr-devel-7.4-150300.4.32.1
SUSE Enterprise Storage 7.1:libfrr0-7.4-150300.4.32.1
SUSE Enterprise Storage 7.1:libfrr_pb0-7.4-150300.4.32.1
References
- CVE-2017-15865
- SUSE Bug 1230866