auto commit by copy to link target

• Files Changed
• Browse Source

- Apply upstream fix for a crash on malformed BGP UPDATE message
  with an EOR, because the presence of EOR does not lead to a
  treat-as-withdraw outcome (CVE-2023-47235,1216896,https://github.com/FRRouting/frr/pull/14716/commits/6814f2e0138a6ea5e1f83bdd9085d9a77999900b)
  [+ 0015-bgpd-Treat-EOR-as-withdrawn-to-avoid-unwanted-handli.patch]
- Apply upstream fix for a crash on crafted BGP UPDATE message with
  a MP_UNREACH_NLRI attribute and additional NLRI data (CVE-2023-47234,
  bsc#1216897,ttps://github.com/FRRouting/frr/pull/14716/commits/c37119df45bbf4ef713bc10475af2ee06e12f3bf)
  [+ 0016-bgpd-Ignore-handling-NLRIs-if-we-received-MP_UNREACH.patch]
- Apply upstream fix for attempts to read beyond the end of the
  stream during labeled unicast parsing (CVE-2023-38407,bsc#1216899,https://github.com/FRRouting/frr/pull/12956/commits/ab362eae68edec12c175d9bc488bcc3f8b73d36f)
  [+ 0017-bgpd-Fix-use-beyond-end-of-stream-of-labeled-unicast.patch]
- Apply upstream fix for an nlri length of zero mishandling, aka
  "flowspec overflow" (CVE-2023-38406,bsc#1216900,https://github.com/FRRouting/frr/pull/12884/commits/0b999c886e241c52bd1f7ef0066700e4b618ebb3)
  [+ 0018-bgpd-Flowspec-overflow-issue.patch]

• Files Changed
• Browse Source

auto commit by copy to link target

• Files Changed
• Browse Source

- Apply upstream fix for a crash due to a crafted BGP UPDATE message
  (CVE-2023-46753,bsc#1216626,https://github.com/FRRouting/frr/pull/14655/commits/21418d64af11553c402f932b0311c812d98ac3e4).
  [+ 0013-bgpd-Check-mandatory-attributes-more-carefully-for-U.patch]
- Apply upstream fix for a crash due to mishandled malformed
  MP_REACH_NLRI data (CVE-2023-46752,bsc#1216627,https://github.com/FRRouting/frr/pull/14645/commits/b08afc81c60607a4f736f418f2e3eb06087f1a35).
  [+ 0014-bgpd-Handle-MP_REACH_NLRI-malformed-packets-with-ses.patch]

• Files Changed
• Browse Source

auto commit by copy to link target

• Files Changed
• Browse Source

- Apply upstream fix for NULL pointer dereference due to processing
  of malformed requests with no attributes in bgp_nlri_parse_flowspec
  (CVE-2023-41909,bsc#1215065,https://github.com/FRRouting/frr/pull/13222/commits/cfd04dcb3e689754a72507d086ba3b9709fc5ed8).
  [+ 0012-bgpd-Limit-flowspec-to-no-attribute-means-a-implicit.patch]

• Files Changed
• Browse Source

auto commit by copy to link target

• Files Changed
• Browse Source

- Removed protobuf-c BuildRequires (source package name) breaking
  build-system setup with libprotobuf-c-devel 1.3.2 updates.
- Apply upstream fix babeld: avoid infinite loops (CVE-2023-3748,bsc#1213434,
  gh#FRRouting/frr#11808,https://github.com/FRRouting/frr/pull/12952)
  [+ 0011-babeld-fix-11808-to-avoid-infinite-loops.patch]

• Files Changed
• Browse Source

- Removed protobuf-c BuildRequires breaking build-system setup

• Files Changed
• Browse Source

- Apply upstream fix for bgpd: Don't read initial byte of the ORF
  header in an ahead-of-stream situation (CVE-2023-41360,
  bsc#1214739,https://github.com/FRRouting/frr/pull/14245)
  [+ 0008-bgpd-Don-t-read-the-first-byte-of-ORF-header-if-we-a.patch]
- Apply upstream fix for bgpd: Do not process NLRIs if the attribute
  length is zero (CVE-2023-41358,bsc#1214735,
  https://github.com/FRRouting/frr/pull/14260)
  [+ 0009-bgpd-Do-not-process-NLRIs-if-the-attribute-length-is.patch]
- Apply upstream fix bgpd: Use treat-as-withdraw for tunnel encapsulation
  attribute instead of session reset (CVE-2023-38802,bsc#1213284,
  https://github.com/FRRouting/frr/pull/14290)
  [+ 0010-bgpd-Use-treat-as-withdraw-for-tunnel-encapsulation-.patch]

• Files Changed
• Browse Source

• Browse Source