SUSE-SU-2023:3709-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3709-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2023:3709-1
- Related
- Published
- 2023-09-20T16:04:43Z
- Modified
- 2023-09-20T16:04:43Z
- Summary
- Security update for frr
- Details
-
This update for frr fixes the following issues:
- CVE-2023-38802: Fixed bad length handling in BGP attribute handling (bsc#1213284).
- CVE-2023-41358: Fixed crash in bgpd/bgp_packet.c (bsc#1214735).
- CVE-2023-41360: Fixed out-of-bounds read in bgpd/bgp_packet.c (bsc#1214739).
- CVE-2023-3748: Fixed inifinite loop in babld message parsing may cause DoS (bsc#1213434).
- CVE-2023-41909: Fixed NULL pointer dereference due to processing in bgpnlriparse_flowspec (bsc#1215065).
- References
-
- https://www.suse.com/support/update/announcement/2023/suse-su-20233709-1/
- https://bugzilla.suse.com/1213284
- https://bugzilla.suse.com/1213434
- https://bugzilla.suse.com/1214735
- https://bugzilla.suse.com/1214739
- https://bugzilla.suse.com/1215065
- https://www.suse.com/security/cve/CVE-2023-3748
- https://www.suse.com/security/cve/CVE-2023-38802
- https://www.suse.com/security/cve/CVE-2023-41358
- https://www.suse.com/security/cve/CVE-2023-41360
- https://www.suse.com/security/cve/CVE-2023-41909
Affected packages
SUSE:Linux Enterprise Module for Server Applications 15 SP5 / frr
Package
- Name
- frr
- Purl
- purl:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.4-150500.4.8.1
Ecosystem specific
{
"binaries": [
{
"libfrrfpm_pb0": "8.4-150500.4.8.1",
"frr": "8.4-150500.4.8.1",
"libfrrsnmp0": "8.4-150500.4.8.1",
"libmlag_pb0": "8.4-150500.4.8.1",
"libfrrzmq0": "8.4-150500.4.8.1",
"libfrr0": "8.4-150500.4.8.1",
"libfrr_pb0": "8.4-150500.4.8.1",
"libfrrcares0": "8.4-150500.4.8.1",
"libfrrospfapiclient0": "8.4-150500.4.8.1",
"frr-devel": "8.4-150500.4.8.1"
}
]
}
openSUSE:Leap 15.5 / frr
Package
- Name
- frr
- Purl
- purl:rpm/suse/frr&distro=openSUSE%20Leap%2015.5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.4-150500.4.8.1
Ecosystem specific
{
"binaries": [
{
"libfrrfpm_pb0": "8.4-150500.4.8.1",
"frr": "8.4-150500.4.8.1",
"libfrrsnmp0": "8.4-150500.4.8.1",
"libmlag_pb0": "8.4-150500.4.8.1",
"libfrrzmq0": "8.4-150500.4.8.1",
"libfrr0": "8.4-150500.4.8.1",
"libfrr_pb0": "8.4-150500.4.8.1",
"libfrrcares0": "8.4-150500.4.8.1",
"libfrrospfapiclient0": "8.4-150500.4.8.1",
"frr-devel": "8.4-150500.4.8.1"
}
]
}