Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP5:Update
patchinfo.31712
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.31712
<patchinfo incident="31712"> <issue tracker="cve" id="2023-38407"/> <issue tracker="cve" id="2023-47234"/> <issue tracker="cve" id="2023-47235"/> <issue tracker="cve" id="2023-38406"/> <issue tracker="bnc" id="1216896">VUL-0: CVE-2023-47235: frr,quagga: An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.</issue> <issue tracker="bnc" id="1216897">VUL-0: CVE-2023-47234: frr,quagga: An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).</issue> <issue tracker="bnc" id="1216900">VUL-0: CVE-2023-38406: frr,quagga: bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."</issue> <issue tracker="bnc" id="1216899">VUL-0: CVE-2023-38407: frr,quagga: bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.</issue> <packager>mtomaschewski</packager> <rating>important</rating> <category>security</category> <summary>Security update for frr</summary> <description>This update for frr fixes the following issues: - CVE-2023-47235: Fixed denial of service caused by malformed BGP UPDATE message with an EOR is processed (bsc#1216896). - CVE-2023-47234: Fixed denial of service caused by crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute (bsc#1216897). - CVE-2023-38407: Fixed read beyond the end of the stream during labeled unicast parsing (bsc#1216899). - CVE-2023-38406: Fixed mishandling of nlri length of zero, aka a "flowspec overflow (bsc#1216900). </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor