SUSE-SU-2023:4663-1 -- SLES frr, libfrrcares0, libfrrfpm_pb0, libfrrospfapiclient0, libmlag_pb0, libfrrsnmp0, libfrr0, libfrr_pb0, libfrrzmq0| ID: oval:org.secpod.oval:def:89051217 | Date: (C)2024-01-23 (M)2024-04-29 |
| Class: PATCH | Family: unix |
This update for frr fixes the following issues: * CVE-2023-47235: Fixed denial of service caused by malformed BGP UPDATE message with an EOR is processed . * CVE-2023-47234: Fixed denial of service caused by crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute . * CVE-2023-38407: Fixed read beyond the end of the stream during labeled unicast parsing . * CVE-2023-38406: Fixed mishandling of nlri length of zero, aka a "flowspec overflow .
| Platform: |
| SUSE Linux Enterprise Server 15 SP5 |
| Product: |
| frr |
| libfrrcares0 |
| libfrrfpm_pb0 |
| libfrrospfapiclient0 |
| libmlag_pb0 |
| libfrrsnmp0 |
| libfrr0 |
| libfrr_pb0 |
| libfrrzmq0 |
