Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
202
security advisoryupdatemoderate severityopenSUSE 15.5 SUSE-SU-2023:4473-1 moderate: frr BGP crash fix
This update for frr fixes the following issues: CVE-2023-46753: Fixed a crash caused from a crafted BGP UPDATE message. (bsc#1216626). # Security update for frr Announcement ID: SUSE-SU-2023:4473-1 Rating: moderate References: * bsc#1216626 * bsc#1216627 Cross-References: * CVE-2023-46752 * CVE-2023-46753 CVSS scores: * CVE-2023-46752 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46752 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46753 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46753 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for frr fixes the following issues: * CVE-2023-46753: Fixed a crash caused from a crafted BGP UPDATE message. (bsc#1216626) * CVE-2023-46752: Fixed a crash caused from a mishandled malformed MP_REACH_NLRI data. (bsc#1216627) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4473=1 openSUSE-SLE-15.5-2023-4473=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4473=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libmlag_pb0-debuginfo-8.4-150500.4.11.1 * libfrrzmq0-8.4-150500.4.11.1 * libfrrfpm_pb0-8.4-150500.4.11.1 * frr-debuginfo-8.4-150500.4.11.1 * libfrrcares0-debuginfo-8.4-150500.4.11.1 * libfrrfpm_pb0-debuginfo-8.4-150500.4.11.1 *libfrrospfapiclient0-8.4-150500.4.11.1 * libfrrzmq0-debuginfo-8.4-150500.4.11.1 * libfrr_pb0-8.4-150500.4.11.1 * libmlag_pb0-8.4-150500.4.11.1 * frr-debugsource-8.4-150500.4.11.1 * frr-8.4-150500.4.11.1 * libfrr_pb0-debuginfo-8.4-150500.4.11.1 * libfrrsnmp0-8.4-150500.4.11.1 * libfrr0-debuginfo-8.4-150500.4.11.1 * libfrrospfapiclient0-debuginfo-8.4-150500.4.11.1 * libfrrcares0-8.4-150500.4.11.1 * libfrrsnmp0-debuginfo-8.4-150500.4.11.1 * frr-devel-8.4-150500.4.11.1 * libfrr0-8.4-150500.4.11.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libmlag_pb0-debuginfo-8.4-150500.4.11.1 * libfrrzmq0-8.4-150500.4.11.1 * libfrrfpm_pb0-8.4-150500.4.11.1 * frr-debuginfo-8.4-150500.4.11.1 * libfrrcares0-debuginfo-8.4-150500.4.11.1 * libfrrfpm_pb0-debuginfo-8.4-150500.4.11.1 * libfrrospfapiclient0-8.4-150500.4.11.1 * libfrrzmq0-debuginfo-8.4-150500.4.11.1 * libfrr_pb0-8.4-150500.4.11.1 * libmlag_pb0-8.4-150500.4.11.1 * frr-debugsource-8.4-150500.4.11.1 * frr-8.4-150500.4.11.1 * libfrr_pb0-debuginfo-8.4-150500.4.11.1 * libfrrsnmp0-8.4-150500.4.11.1 * libfrr0-debuginfo-8.4-150500.4.11.1 * libfrrospfapiclient0-debuginfo-8.4-150500.4.11.1 * libfrrcares0-8.4-150500.4.11.1 * libfrrsnmp0-debuginfo-8.4-150500.4.11.1 * frr-devel-8.4-150500.4.11.1 * libfrr0-8.4-150500.4.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46752.html * https://www.suse.com/security/cve/CVE-2023-46753.html * https://bugzilla.suse.com/show_bug.cgi?id=1216626 * https://bugzilla.suse.com/show_bug.cgi?id=1216627 . Important patch released for openSUSE addressing several vulnerabilities in frr. Resolves instability issues triggered by improperly formatted messages and payloads.. openSUSE Security Advisory,frr Update,BGP Vulnerability Patch,Moderate Severity Fix. . LinuxSecurity.com Team
Nov 17, 2023
OpenSUSE
98
security advisorybug fixRed Hat Enterprise LinuxRed Hat Enterprise Linux 9 RHSA-2023-2202-01 Moderate frr Security Update
An update for frr is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: frr security, bug fix, and enhancement update Advisory ID: RHSA-2023:2202-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2202 Issue date: 2023-05-09 CVE Names: CVE-2022-37032 ==================================================================== 1. Summary: An update for frr is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. The following packages have been upgraded to a later upstream version: frr (8.3.1). (BZ#2129731) Security Fix(es): * frr: out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service (CVE-2022-37032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the Referencessection. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2127494 - BGP incorrectly withdraws routes on graceful restart capable routers2128713 - CVE-2022-37032 frr: out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service 2129731 - [RFE] Rebase FRR to the latest version 2129743 - [RFE] Add targeted SELinux policy for FRR 2144500 - AVC error when reloading FRR with provided reload script 2147522 - It is not possible to run FRR as a non-root user 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: frr-8.3.1-5.el9.src.rpm aarch64: frr-8.3.1-5.el9.aarch64.rpm frr-debuginfo-8.3.1-5.el9.aarch64.rpm frr-debugsource-8.3.1-5.el9.aarch64.rpm noarch: frr-selinux-8.3.1-5.el9.noarch.rpm ppc64le: frr-8.3.1-5.el9.ppc64le.rpm frr-debuginfo-8.3.1-5.el9.ppc64le.rpm frr-debugsource-8.3.1-5.el9.ppc64le.rpm s390x: frr-8.3.1-5.el9.s390x.rpm frr-debuginfo-8.3.1-5.el9.s390x.rpm frr-debugsource-8.3.1-5.el9.s390x.rpm x86_64: frr-8.3.1-5.el9.x86_64.rpm frr-debuginfo-8.3.1-5.el9.x86_64.rpm frr-debugsource-8.3.1-5.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-37032 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBZFo0VNzjgjWX9erEAQgnLg//ZEI1a1xY3IM48LbwIPy7YTtRxPras/xg D7zZW2Hq/MLjogPIO+wdfMK57dEBQyAhlqOhLM4prc+DYfaLLEcyDV93/nRDUDCs sdMnJHdXQl/j12d08EqICDWZNAIaNVolZxueZFz1GT5jJ+HxzzCM9q8kU6CyUYo/ yIKDhcBbL134k2kn/akkG5p8ClqpwjEhM02wab0bppoDLHih0YlT3YeQNmjqcr8Q C75CVRqwQO1DaKyGU2c7ll1B1z6GIimThbZzQmyPWLgQRN4BNNV6QY85KHe+2+3Y SI/MISXHUEPeC0XAT0oH8Wr3lAgyksBT6wzrn+p4AEAQJVTdlaXdspMOtjhwUCJ6 o+LG/aw0Rc6UZW9iyAEsYJAZFXSFEPTrYMHmxcubjZg7VL2AWKqrljS4YqjQj+6W utoHG7HdkaexWYvckPAP5NOZgSshuNygU9MgrSU0FEQNbREbu0uoCTJ+QhpSzIt6 yInpt1Q8T1Akz9ovoaz2q+pta0x/LmSwtfMSIGilMgymQdX9b29XoWtkhvqe4eak K8R4KToO5Sz0GFj9ujCAFBIlKd1RYhZMenfWO93aHgFXSWeaxx2qOrRoBTyg6sJ2 NqzpDdEqqfam2GqlF1jJ/kmXfbZIdPkquaFUtr3bgBc7+j2a6HisLsuspepHnurZ NTwWhFDyHsw=XaNI -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 09, 2023
Red Hat
202
security advisorybuffer overflowsystem integrityopenSUSE Leap 15.3, 15.4: 2022:0901-1 Important: frr Buffer Overflow Fixes
An update that solves 5 vulnerabilities and has one errata is now available. . openSUSE Security Update: Security update for frr ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0901-1 Rating: important References: #1180217 #1196503 #1196504 #1196505 #1196506 #1196507 Cross-References: CVE-2022-26125 CVE-2022-26126 CVE-2022-26127 CVE-2022-26128 CVE-2022-26129 CVSS scores: CVE-2022-26125 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26125 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26126 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26126 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26127 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26127 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26128 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26128 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-26129 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26129 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for frr fixes the following issues: - CVE-2022-26125, CVE-2022-26126: Fixed buffer overflows in unpack_tlv_router_cap() (bsc#1196505, bsc#1196506). - CVE-2022-26127: Fixed heap buffer overflow in babel_packet_examin() (bsc#1196503). - CVE-2022-26128: Fixed buffer overflows in babel_packet_examin() (bsc#1196507). - CVE-2022-26129: Fixed buffer overflows in parse_hello_subtlv(), parse_ihu_subtlv() and parse_update_subtlv() (bsc#1196504). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-901=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-901=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): frr-7.4-150300.4.3.1 frr-debuginfo-7.4-150300.4.3.1 frr-debugsource-7.4-150300.4.3.1 frr-devel-7.4-150300.4.3.1 libfrr0-7.4-150300.4.3.1 libfrr0-debuginfo-7.4-150300.4.3.1 libfrr_pb0-7.4-150300.4.3.1 libfrr_pb0-debuginfo-7.4-150300.4.3.1 libfrrcares0-7.4-150300.4.3.1 libfrrcares0-debuginfo-7.4-150300.4.3.1 libfrrfpm_pb0-7.4-150300.4.3.1 libfrrfpm_pb0-debuginfo-7.4-150300.4.3.1 libfrrgrpc_pb0-7.4-150300.4.3.1 libfrrgrpc_pb0-debuginfo-7.4-150300.4.3.1 libfrrospfapiclient0-7.4-150300.4.3.1 libfrrospfapiclient0-debuginfo-7.4-150300.4.3.1 libfrrsnmp0-7.4-150300.4.3.1 libfrrsnmp0-debuginfo-7.4-150300.4.3.1 libfrrzmq0-7.4-150300.4.3.1 libfrrzmq0-debuginfo-7.4-150300.4.3.1 libmlag_pb0-7.4-150300.4.3.1 libmlag_pb0-debuginfo-7.4-150300.4.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): frr-7.4-150300.4.3.1 frr-debuginfo-7.4-150300.4.3.1 frr-debugsource-7.4-150300.4.3.1 frr-devel-7.4-150300.4.3.1 libfrr0-7.4-150300.4.3.1 libfrr0-debuginfo-7.4-150300.4.3.1 libfrr_pb0-7.4-150300.4.3.1 libfrr_pb0-debuginfo-7.4-150300.4.3.1 libfrrcares0-7.4-150300.4.3.1 libfrrcares0-debuginfo-7.4-150300.4.3.1 libfrrfpm_pb0-7.4-150300.4.3.1 libfrrfpm_pb0-debuginfo-7.4-150300.4.3.1 libfrrgrpc_pb0-7.4-150300.4.3.1 libfrrgrpc_pb0-debuginfo-7.4-150300.4.3.1 libfrrospfapiclient0-7.4-150300.4.3.1 libfrrospfapiclient0-debuginfo-7.4-150300.4.3.1 libfrrsnmp0-7.4-150300.4.3.1 libfrrsnmp0-debuginfo-7.4-150300.4.3.1 libfrrzmq0-7.4-150300.4.3.1 libfrrzmq0-debuginfo-7.4-150300.4.3.1 libmlag_pb0-7.4-150300.4.3.1 libmlag_pb0-debuginfo-7.4-150300.4.3.1 References: https://www.suse.com/security/cve/CVE-2022-26125.html https://www.suse.com/security/cve/CVE-2022-26126.html https://www.suse.com/security/cve/CVE-2022-26127.html https://www.suse.com/security/cve/CVE-2022-26128.html https://www.suse.com/security/cve/CVE-2022-26129.html https://bugzilla.suse.com/1180217 https://bugzilla.suse.com/1196503 https://bugzilla.suse.com/1196504 https://bugzilla.suse.com/1196505 https://bugzilla.suse.com/1196506 https://bugzilla.suse.com/1196507 . The recent Ubuntu Security Patch tackles critical vulnerabilities in the curl package, improving overall application reliability and safety.. openSUSE Security,frr update,Linux vulnerabilities,system integrity,buffer overflow patches. . Severity: Important. LinuxSecurity.com Team
Mar 18, 2022
•Important
OpenSUSE
98
security advisoryinformation leakDoS issueRed Hat Enterprise Linux 8: RHSA-2020-4619-01 Moderate: Frr Security Update
An update for frr is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: frr security and bug fix update Advisory ID: RHSA-2020:4619-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4619 Issue date: 2020-11-03 CVE Names: CVE-2020-12831 ==================================================================== 1. Summary: An update for frr is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fix(es): * frr: default permission issue eases information leaks (CVE-2020-12831) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1758544 - [frr]IGMPv3 queries may lead to DoS 1776342 - frr has missing dependency on iproute 1819319 - frr fails to start start if the initscripts package is missing 1830805 - CVE-2020-12831 frr: default permission issue eases information leaks 1867793 - FRR does not conform to the source port range specified in RFC5881 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: frr-7.0-10.el8.src.rpm aarch64: frr-7.0-10.el8.aarch64.rpm frr-contrib-7.0-10.el8.aarch64.rpm frr-debuginfo-7.0-10.el8.aarch64.rpm frr-debugsource-7.0-10.el8.aarch64.rpm ppc64le: frr-7.0-10.el8.ppc64le.rpm frr-contrib-7.0-10.el8.ppc64le.rpm frr-debuginfo-7.0-10.el8.ppc64le.rpm frr-debugsource-7.0-10.el8.ppc64le.rpm s390x: frr-7.0-10.el8.s390x.rpm frr-contrib-7.0-10.el8.s390x.rpm frr-debuginfo-7.0-10.el8.s390x.rpm frr-debugsource-7.0-10.el8.s390x.rpm x86_64: frr-7.0-10.el8.x86_64.rpm frr-contrib-7.0-10.el8.x86_64.rpm frr-debuginfo-7.0-10.el8.x86_64.rpm frr-debugsource-7.0-10.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-12831 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBX6I04NzjgjWX9erEAQiW+A/6AxHaFwWQy33o+rNqpwkrpeNQ8zEc06LE s2Wi+Ye/PKWfhOK3uWwtHf8swzn9dymu+IvvsWLMEhaTlT8QG1FKsMl3X+SqHC7A ols8JLbA8vAzTpv2o7kvOavrRILlxZb/6DuFbwkDrRH9Qbu6qZdZmQfdE95jDp++ /aVR9GAvUGGIBc7OOb1lghttZSh02VoZV2QVk0RYbfoBzxoMvKF3IWDJ9d6XD1nJ urP39FEM/MebiashVdB8HOleIhe/ydBQKaJxUEOJbIs90rBCcZhV7RpG52TUwbae vhLmAGVZDj4kLl00ILK9bJVZw1rFbN8sde2Fnkzu1rABmPWCE3UPKG93zeA6tdd6 jdfxjv/22k+rhDntNfRG1FrIdS6aUH73G6KDj03HRcm92AZqfysdBATy+LYM1cVN Dgtxcoye7123Ycp3iZZ3RibXWHfKgActQuvwYRj0eUL6FcDmMaWjHDJzkj568ZLg 037k42LYkdyfkcxFnBt6GNhzX08GQAIBlLJIEwG6Xk7JJEbE2fiGBSm33O2tGzw5 VCIPqMzSq1+mYdAsbvzkX5vAQ+fiRyKEjB/jPbwqzaOmy1PQzG0H+eEDwkYI6cK/ AzQpezwkDdOZRnxvwMiCk4wRAyDCeh39cd530GGZHQgGsOxqTSIV+r8hhHpyC9MJ ipsF7WG8hqY=xRnR -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 03, 2020
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!