ALSA-2024:0130
- Source
- https://errata.almalinux.org/8/ALSA-2024-0130.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0130.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2024:0130
- Related
- Published
- 2024-01-10T00:00:00Z
- Modified
- 2024-01-16T16:44:16Z
- Summary
- Moderate: frr security update
- Details
-
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
Security Fix(es):
- ffr: Flowspec overflow in bgpd/bgp_flowspec.c (CVE-2023-38406)
- ffr: Out of bounds read in bgpd/bgp_label.c (CVE-2023-38407)
- frr: crash from specially crafted MPUNREACHNLRI-containing BGP UPDATE message (CVE-2023-47234)
- frr: crash from malformed EOR-containing BGP UPDATE message (CVE-2023-47235)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2024:0130
- https://access.redhat.com/security/cve/CVE-2023-38406
- https://access.redhat.com/security/cve/CVE-2023-38407
- https://access.redhat.com/security/cve/CVE-2023-47234
- https://access.redhat.com/security/cve/CVE-2023-47235
- https://bugzilla.redhat.com/2248207
- https://bugzilla.redhat.com/2248208
- https://bugzilla.redhat.com/2248526
- https://bugzilla.redhat.com/2248528
- https://errata.almalinux.org/8/ALSA-2024-0130.html
Affected packages
AlmaLinux:8 / frr
Package
- Name
- frr