Overview
Request 1108159 superseded
- Removed protobuf-c BuildRequires breaking build-system setup
- Apply upstream fix for bgpd: Don't read initial byte of the ORF
header in an ahead-of-stream situation (CVE-2023-41360,
bsc#1214739,https://github.com/FRRouting/frr/pull/14245)
[+ 0008-bgpd-Don-t-read-the-first-byte-of-ORF-header-if-we-a.patch]
- Apply upstream fix for bgpd: Do not process NLRIs if the attribute
length is zero (CVE-2023-41358,bsc#1214735,
https://github.com/FRRouting/frr/pull/14260)
[+ 0009-bgpd-Do-not-process-NLRIs-if-the-attribute-length-is.patch]
- Apply upstream fix bgpd: Use treat-as-withdraw for tunnel encapsulation
attribute instead of session reset (CVE-2023-38802,bsc#1213284,
https://github.com/FRRouting/frr/pull/14290)
[+ 0010-bgpd-Use-treat-as-withdraw-for-tunnel-encapsulation-.patch]
- Created by mtomaschewski
- In state superseded
-
Package maintainers:
emendonca,
mnhauke, and
mtomaschewski
- Superseded by 1108163
Request History
mtomaschewski created request
- Removed protobuf-c BuildRequires breaking build-system setup
- Apply upstream fix for bgpd: Don't read initial byte of the ORF
header in an ahead-of-stream situation (CVE-2023-41360,
bsc#1214739,https://github.com/FRRouting/frr/pull/14245)
[+ 0008-bgpd-Don-t-read-the-first-byte-of-ORF-header-if-we-a.patch]
- Apply upstream fix for bgpd: Do not process NLRIs if the attribute
length is zero (CVE-2023-41358,bsc#1214735,
https://github.com/FRRouting/frr/pull/14260)
[+ 0009-bgpd-Do-not-process-NLRIs-if-the-attribute-length-is.patch]
- Apply upstream fix bgpd: Use treat-as-withdraw for tunnel encapsulation
attribute instead of session reset (CVE-2023-38802,bsc#1213284,
https://github.com/FRRouting/frr/pull/14290)
[+ 0010-bgpd-Use-treat-as-withdraw-for-tunnel-encapsulation-.patch]
mtomaschewski superseded request
superseded by 1108163
