
openSUSE Leap 15.3, 15.4: 2022:0901-1 Important: frr Buffer Overflow Fixes

March 18, 2022
An update that solves 5 vulnerabilities and has one errata is now available.

Description

This update for frr fixes the following issues:

- CVE-2022-26125, CVE-2022-26126: Fixed buffer overflows in unpack_tlv_router_cap() (bsc#1196505, bsc#1196506).

- CVE-2022-26127: Fixed heap buffer overflow in babel_packet_examin() (bsc#1196503).

- CVE-2022-26128: Fixed buffer overflows in babel_packet_examin() (bsc#1196507).

- CVE-2022-26129: Fixed buffer overflows in parse_hello_subtlv(), parse_ihu_subtlv() and parse_update_subtlv() (bsc#1196504).

Patch

Patch Instructions:

To install this openSUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

zypper in -t patch openSUSE-SLE-15.4-2022-901=1

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2022-901=1

Package List

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

frr-7.4-150300.4.3.1

frr-debuginfo-7.4-150300.4.3.1

frr-debugsource-7.4-150300.4.3.1

frr-devel-7.4-150300.4.3.1

libfrr0-7.4-150300.4.3.1

libfrr0-debuginfo-7.4-150300.4.3.1

libfrr_pb0-7.4-150300.4.3.1

libfrr_pb0-debuginfo-7.4-150300.4.3.1

libfrrcares0-7.4-150300.4.3.1

libfrrcares0-debuginfo-7.4-150300.4.3.1

libfrrfpm_pb0-7.4-150300.4.3.1

libfrrfpm_pb0-debuginfo-7.4-150300.4.3.1

libfrrgrpc_pb0-7.4-150300.4.3.1

libfrrgrpc_pb0-debuginfo-7.4-150300.4.3.1

libfrrospfapiclient0-7.4-150300.4.3.1

libfrrospfapiclient0-debuginfo-7.4-150300.4.3.1

libfrrsnmp0-7.4-150300.4.3.1

libfrrsnmp0-debuginfo-7.4-150300.4.3.1

libfrrzmq0-7.4-150300.4.3.1

libfrrzmq0-debuginfo-7.4-150300.4.3.1

libmlag_pb0-7.4-150300.4.3.1

libmlag_pb0-debuginfo-7.4-150300.4.3.1

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

frr-7.4-150300.4.3.1

frr-debuginfo-7.4-150300.4.3.1

frr-debugsource-7.4-150300.4.3.1

frr-devel-7.4-150300.4.3.1

libfrr0-7.4-150300.4.3.1

libfrr0-debuginfo-7.4-150300.4.3.1

libfrr_pb0...
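
A post-update check, added here as an example and not part of the SUSE advisory: it compares installed frr-related packages against the fixed build 7.4-150300.4.3.1 from the Package List above. The function names, the constructed sample lines and the use of GNU `sort -V` as a stand-in for RPM's version ordering are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit frr packages against the fixed build in this advisory.

FIXED="7.4-150300.4.3.1"   # version-release taken from the Package List

# ver_ge A B: succeed if A >= B. GNU `sort -V` approximates RPM's ordering
# (assumption: adequate for these purely numeric version strings).
ver_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# audit_frr: read "NAME VERSION-RELEASE" lines on stdin, print one verdict
# per frr-related package, return 1 if any is older than the fixed build.
audit_frr() {
    rc=0
    while read -r name evr; do
        case "$name" in
            frr|frr-*|libfrr*|libmlag_pb0*) ;;   # names from the Package List
            *) continue ;;                       # ignore unrelated packages
        esac
        if ver_ge "$evr" "$FIXED"; then
            echo "OK       $name $evr"
        else
            echo "OUTDATED $name $evr (need >= $FIXED)"
            rc=1
        fi
    done
    return $rc
}

# On a real host: feed the audit from the RPM database.
audit_host() {
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_frr
}

# Constructed sample input (not captured from a real system).
sample_unpatched() {
    printf '%s\n' 'frr 7.4-150300.4.1.1' 'libfrr0 7.4-150300.4.1.1' 'curl 7.66.0-4.27.1'
}
sample_patched() {
    printf '%s\n' 'frr 7.4-150300.4.3.1' 'libfrr0 7.4-150300.4.3.1'
}
```

Source the file and call `audit_host` on a Leap 15.3 or 15.4 system; a non-zero return means at least one frr package is still older than the fixed build.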


References

https://www.suse.com/security/cve/CVE-2022-26125.html

https://www.suse.com/security/cve/CVE-2022-26126.html

https://www.suse.com/security/cve/CVE-2022-26127.html

https://www.suse.com/security/cve/CVE-2022-26128.html

https://www.suse.com/security/cve/CVE-2022-26129.html

https://bugzilla.suse.com/1180217

https://bugzilla.suse.com/1196503

https://bugzilla.suse.com/1196504

https://bugzilla.suse.com/1196505

https://bugzilla.suse.com/1196506

https://bugzilla.suse.com/1196507

Severity
important

Announcement ID: openSUSE-SU-2022:0901-1
Rating: important
Affected Products: openSUSE Leap 15.3, openSUSE Leap 15.4
