SUSE-SU-2024:3426-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:3426-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2024:3426-1
- Related
- Published
- 2024-09-24T16:42:36Z
- Modified
- 2024-09-24T16:42:36Z
- Summary
- Security update for quagga
- Details
-
This update for quagga fixes the following issues:
- CVE-2017-15865: sensitive information disclosed when malformed BGP UPDATE packets are processed. (bsc#1230866)
- CVE-2024-44070: crash when parsing Tunnel Encap attribute due to no length check. (bsc#1229438)
- CVE-2022-37032: out-of-bounds read when parsing a BGP capability message due to incorrect size check. (bsc#1202023)
Bug fixes: - References to /var/adm/fillup-templates replaced with new %_fillupdir macro. (bsc#1069468)
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20243426-1/
- https://bugzilla.suse.com/1069468
- https://bugzilla.suse.com/1079798
- https://bugzilla.suse.com/1079799
- https://bugzilla.suse.com/1079800
- https://bugzilla.suse.com/1079801
- https://bugzilla.suse.com/1202023
- https://bugzilla.suse.com/1229438
- https://bugzilla.suse.com/1230866
- https://www.suse.com/security/cve/CVE-2017-15865
- https://www.suse.com/security/cve/CVE-2018-5378
- https://www.suse.com/security/cve/CVE-2018-5379
- https://www.suse.com/security/cve/CVE-2018-5380
- https://www.suse.com/security/cve/CVE-2018-5381
- https://www.suse.com/security/cve/CVE-2022-37032
- https://www.suse.com/security/cve/CVE-2024-44070
Affected packages
SUSE:Linux Enterprise Software Development Kit 12 SP5 / quagga
Package
- Name
- quagga
- Purl
- purl:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
SUSE:Linux Enterprise Server 12 SP5 / quagga
Package
- Name
- quagga
- Purl
- purl:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5