Описание
Security update for frr
This update for frr fixes the following issues:
Update to frr 8.5.6 (jsc#PED-PED-11092) including fixes for:
- CVE-2024-44070,CVE-2024-34088,CVE-2024-31951,CVE-2024-31950, CVE-2024-31948,CVE-2024-27913,CVE-2023-47235,CVE-2023-47234, CVE-2023-46753,CVE-2023-46752,CVE-2023-41909,CVE-2023-41360, CVE-2023-41358,CVE-2023-38802,CVE-2023-38407,CVE-2023-38406, CVE-2023-3748,CVE-2023-31490,CVE-2023-31489 and other bugfixes. See https://frrouting.org/release/8.5.6/ for details.
The most recent frr 8.x series provides several new features, improvements and bug fixes for various protocols and daemons, especially for PIM/PIMv6/BGP and VRF support.
See https://frrouting.org/release/8.5/ for details and links.
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15 SP5
SUSE Linux Enterprise Module for Server Applications 15 SP6
openSUSE Leap 15.5
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2024:4090-1
- E-Mail link for SUSE-SU-2024:4090-1
- SUSE Security Ratings
- SUSE CVE CVE-2023-31489 page
- SUSE CVE CVE-2023-31490 page
- SUSE CVE CVE-2023-3748 page
- SUSE CVE CVE-2023-38406 page
- SUSE CVE CVE-2023-38407 page
- SUSE CVE CVE-2023-38802 page
- SUSE CVE CVE-2023-41358 page
- SUSE CVE CVE-2023-41360 page
- SUSE CVE CVE-2023-41909 page
- SUSE CVE CVE-2023-46752 page
- SUSE CVE CVE-2023-46753 page
- SUSE CVE CVE-2023-47234 page
- SUSE CVE CVE-2023-47235 page
- SUSE CVE CVE-2024-27913 page
- SUSE CVE CVE-2024-31948 page
- SUSE CVE CVE-2024-31950 page
- SUSE CVE CVE-2024-31951 page
Описание
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function.
Затронутые продукты
Ссылки
- CVE-2023-31489
- SUSE Bug 1211248
Описание
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.
Затронутые продукты
Ссылки
- CVE-2023-31490
- SUSE Bug 1211249
Описание
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2023-3748
- SUSE Bug 1213434
Описание
bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."
Затронутые продукты
Ссылки
- CVE-2023-38406
- SUSE Bug 1216900
Описание
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
Затронутые продукты
Ссылки
- CVE-2023-38407
- SUSE Bug 1216899
Описание
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).
Затронутые продукты
Ссылки
- CVE-2023-38802
- SUSE Bug 1213284
Описание
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.
Затронутые продукты
Ссылки
- CVE-2023-41358
- SUSE Bug 1214735
Описание
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
Затронутые продукты
Ссылки
- CVE-2023-41360
- SUSE Bug 1214739
Описание
An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.
Затронутые продукты
Ссылки
- CVE-2023-41909
- SUSE Bug 1215065
Описание
An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.
Затронутые продукты
Ссылки
- CVE-2023-46752
- SUSE Bug 1216627
Описание
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.
Затронутые продукты
Ссылки
- CVE-2023-46753
- SUSE Bug 1216626
Описание
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).
Затронутые продукты
Ссылки
- CVE-2023-47234
- SUSE Bug 1216897
Описание
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
Затронутые продукты
Ссылки
- CVE-2023-47235
- SUSE Bug 1216896
Описание
ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.
Затронутые продукты
Ссылки
- CVE-2024-27913
- SUSE Bug 1220548
Описание
In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.
Затронутые продукты
Ссылки
- CVE-2024-31948
- SUSE Bug 1222518
Описание
In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).
Затронутые продукты
Ссылки
- CVE-2024-31950
- SUSE Bug 1222526
Описание
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).
Затронутые продукты
Ссылки
- CVE-2024-31951
- SUSE Bug 1222528
Описание
In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.
Затронутые продукты
Ссылки
- CVE-2024-34088
- SUSE Bug 1223786
Описание
An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.
Затронутые продукты
Ссылки
- CVE-2024-44070
- SUSE Bug 1229438