frr-8.4-5.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13191-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z frr-8.4-5.1 on GA media These are all security issues fixed in the frr-8.4-5.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13191 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-3748/ SUSE CVE CVE-2023-3748 page https://www.suse.com/security/cve/CVE-2023-38802/ SUSE CVE CVE-2023-38802 page https://www.suse.com/security/cve/CVE-2023-41358/ SUSE CVE CVE-2023-41358 page https://www.suse.com/security/cve/CVE-2023-41360/ SUSE CVE CVE-2023-41360 page openSUSE Tumbleweed frr-8.4-5.1 frr-devel-8.4-5.1 libfrr0-8.4-5.1 libfrr_pb0-8.4-5.1 libfrrcares0-8.4-5.1 libfrrfpm_pb0-8.4-5.1 libfrrospfapiclient0-8.4-5.1 libfrrsnmp0-8.4-5.1 libfrrzmq0-8.4-5.1 libmlag_pb0-8.4-5.1 frr-8.4-5.1 as a component of openSUSE Tumbleweed frr-devel-8.4-5.1 as a component of openSUSE Tumbleweed libfrr0-8.4-5.1 as a component of openSUSE Tumbleweed libfrr_pb0-8.4-5.1 as a component of openSUSE Tumbleweed libfrrcares0-8.4-5.1 as a component of openSUSE Tumbleweed libfrrfpm_pb0-8.4-5.1 as a component of openSUSE Tumbleweed libfrrospfapiclient0-8.4-5.1 as a component of openSUSE Tumbleweed libfrrsnmp0-8.4-5.1 as a component of openSUSE Tumbleweed libfrrzmq0-8.4-5.1 as a component of openSUSE Tumbleweed libmlag_pb0-8.4-5.1 as a component of openSUSE Tumbleweed A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service. CVE-2023-3748 openSUSE Tumbleweed:frr-8.4-5.1 openSUSE Tumbleweed:frr-devel-8.4-5.1 openSUSE Tumbleweed:libfrr0-8.4-5.1 openSUSE Tumbleweed:libfrr_pb0-8.4-5.1 openSUSE Tumbleweed:libfrrcares0-8.4-5.1 openSUSE Tumbleweed:libfrrfpm_pb0-8.4-5.1 openSUSE Tumbleweed:libfrrospfapiclient0-8.4-5.1 openSUSE Tumbleweed:libfrrsnmp0-8.4-5.1 openSUSE Tumbleweed:libfrrzmq0-8.4-5.1 openSUSE Tumbleweed:libmlag_pb0-8.4-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-3748.html CVE-2023-3748 https://bugzilla.suse.com/1213434 SUSE Bug 1213434 FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). CVE-2023-38802 openSUSE Tumbleweed:frr-8.4-5.1 openSUSE Tumbleweed:frr-devel-8.4-5.1 openSUSE Tumbleweed:libfrr0-8.4-5.1 openSUSE Tumbleweed:libfrr_pb0-8.4-5.1 openSUSE Tumbleweed:libfrrcares0-8.4-5.1 openSUSE Tumbleweed:libfrrfpm_pb0-8.4-5.1 openSUSE Tumbleweed:libfrrospfapiclient0-8.4-5.1 openSUSE Tumbleweed:libfrrsnmp0-8.4-5.1 openSUSE Tumbleweed:libfrrzmq0-8.4-5.1 openSUSE Tumbleweed:libmlag_pb0-8.4-5.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-38802.html CVE-2023-38802 https://bugzilla.suse.com/1213284 SUSE Bug 1213284 An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. CVE-2023-41358 openSUSE Tumbleweed:frr-8.4-5.1 openSUSE Tumbleweed:frr-devel-8.4-5.1 openSUSE Tumbleweed:libfrr0-8.4-5.1 openSUSE Tumbleweed:libfrr_pb0-8.4-5.1 openSUSE Tumbleweed:libfrrcares0-8.4-5.1 openSUSE Tumbleweed:libfrrfpm_pb0-8.4-5.1 openSUSE Tumbleweed:libfrrospfapiclient0-8.4-5.1 openSUSE Tumbleweed:libfrrsnmp0-8.4-5.1 openSUSE Tumbleweed:libfrrzmq0-8.4-5.1 openSUSE Tumbleweed:libmlag_pb0-8.4-5.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-41358.html CVE-2023-41358 https://bugzilla.suse.com/1214735 SUSE Bug 1214735 An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. CVE-2023-41360 openSUSE Tumbleweed:frr-8.4-5.1 openSUSE Tumbleweed:frr-devel-8.4-5.1 openSUSE Tumbleweed:libfrr0-8.4-5.1 openSUSE Tumbleweed:libfrr_pb0-8.4-5.1 openSUSE Tumbleweed:libfrrcares0-8.4-5.1 openSUSE Tumbleweed:libfrrfpm_pb0-8.4-5.1 openSUSE Tumbleweed:libfrrospfapiclient0-8.4-5.1 openSUSE Tumbleweed:libfrrsnmp0-8.4-5.1 openSUSE Tumbleweed:libfrrzmq0-8.4-5.1 openSUSE Tumbleweed:libmlag_pb0-8.4-5.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-41360.html CVE-2023-41360 https://bugzilla.suse.com/1214739 SUSE Bug 1214739