Lucene search
OracleLinuxELSA-2024-2981HistoryMay 23, 2024 - 12:00 a.m.
frr security update
2024-05-2300:00:00
linux.oracle.com
2
postin scriptlet fix
rhel-15916
flowspec overflow
rhel-15919
out of bounds read
rhel-15869
crash
rhel-15868
eor message
rhel-22303
zebra
rhel-2216
null pointer dereference
rhel-4797
dos
rhel-14824
crafted bgp message
rhel-14821
mishandled data
rhel-6583
route refresh issue
rhel-12039
plist update crash
rhel-6617
invalid bgp update.
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
76.1%
[7.5.1-22.0.1]
- Fix POSTIN scriptlet [Orabug: 34712485]
- Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c
- Resolves: RHEL-15919 - Out of bounds read in bgpd/bgp_label.c
- Resolves: RHEL-15869 - crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message
- Resolves: RHEL-15868 - crash from malformed EOR-containing BGP UPDATE message
[7.5.1-22] - Resolves: RHEL-22303 - Zebra not fetching host routes
[7.5.1-21] - Resolves: RHEL-2216 - NULL pointer dereference
[7.5.1-20] - Resolves: RHEL-4797 - missing length check in bgp_attr_psid_sub() can lead do DoS
[7.5.1-19] - Resolves: RHEL-14824 - crafted BGP UPDATE message leading to a crash
[7.5.1-18] - Resolves: RHEL-14821 - mishandled malformed data leading to a crash
[7.5.1-17] - Resolves: RHEL-6583 - Routes are not refreshed after changing the inbound route rules from deny to permit
[7.5.1-16] - Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c
- Resolves: RHEL-15919 - Out of bounds read in bgpd/bgp_label.c
- Resolves: RHEL-15869 - crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message
- Resolves: RHEL-15868 - crash from malformed EOR-containing BGP UPDATE message
[7.5.1-15] - Resolves: RHEL-12039 - crash in plist update
[7.5.1-14] - Resolves: RHEL-6617 - Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 8 | src | frr | < 7.5.1-22.0.1.el8 | frr-7.5.1-22.0.1.el8.src.rpm |
| oracle linux | 8 | aarch64 | frr | < 7.5.1-22.0.1.el8 | frr-7.5.1-22.0.1.el8.aarch64.rpm |
| oracle linux | 8 | noarch | frr-selinux | < 7.5.1-22.0.1.el8 | frr-selinux-7.5.1-22.0.1.el8.noarch.rpm |
| oracle linux | 8 | src | frr | < 7.5.1-22.0.1.el8 | frr-7.5.1-22.0.1.el8.src.rpm |
| oracle linux | 8 | x86_64 | frr | < 7.5.1-22.0.1.el8 | frr-7.5.1-22.0.1.el8.x86_64.rpm |
| oracle linux | 8 | noarch | frr-selinux | < 7.5.1-22.0.1.el8 | frr-selinux-7.5.1-22.0.1.el8.noarch.rpm |
Related
nessus
nessus
CentOS 8 : frr (CESA-2024:2981)
2024-05-22 00:00:00
RHEL 8 : frr (RHSA-2024:2981)
2024-05-23 00:00:00
Oracle Linux 8 : frr (ELSA-2024-2981)
2024-05-28 00:00:00
almalinux
almalinux
Moderate: frr security update
2024-05-22 00:00:00
Moderate: frr security update
2024-04-30 00:00:00
osv
osv
Moderate: frr security update
2024-05-22 00:00:00
Moderate: frr security update
2024-04-30 00:00:00
frr vulnerabilities
2023-11-15 14:20:35
redhat
redhat
(RHSA-2024:2981) Moderate: frr security update
2024-05-22 06:35:15
(RHSA-2024:2156) Moderate: frr security update
2024-04-30 06:14:53
oraclelinux
oraclelinux
frr security update
2024-05-02 00:00:00
openvas
openvas
openSUSE: Security Advisory for frr (SUSE-SU-2023:4473-1)
2024-03-04 00:00:00
Ubuntu: Security Advisory (USN-6481-1)
2023-11-16 00:00:00
openSUSE: Security Advisory for frr (SUSE-SU-2023:4483-1)
2024-03-04 00:00:00
ubuntu
ubuntu
FRR vulnerabilities
2023-11-15 00:00:00
FRR vulnerabilities
2023-10-18 00:00:00
FRR vulnerability
2023-08-31 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: frr-8.5.3-1.fc37
2023-11-15 02:01:52
[SECURITY] Fedora 39 Update: frr-8.5.3-1.fc39
2023-11-15 01:43:47
[SECURITY] Fedora 38 Update: frr-8.5.3-1.fc38
2023-11-15 02:16:16
ubuntucve
ubuntucve
cvelist
cvelist
cbl_mariner
cbl_mariner
CVE-2023-46753 affecting package frr for versions less than 8.5.3-3
2023-11-10 17:45:58
CVE-2023-46752 affecting package frr for versions less than 8.5.3-3
2023-11-10 17:45:58
CVE-2023-46752 affecting package frr for versions less than 9.1-2
2024-05-17 21:38:35
nvd
nvd
veracode
veracode
Denial Of Service (DoS)
2023-10-27 07:53:52
Denial Of Service (DoS)
2023-10-27 08:06:35
Denial Of Service (DoS)
2023-10-13 13:08:54
redhatcve
redhatcve
prion
prion
Design/Logic Flaw
2023-05-09 16:15:00
Design/Logic Flaw
2023-10-26 05:15:00
Design/Logic Flaw
2023-08-29 04:15:00
cve
cve
debiancve
debiancve
debian
debian
[SECURITY] [DLA 3573-1] frr security update
2023-09-19 19:41:22
[SECURITY] [DSA 5495-1] frr security update
2023-09-11 07:14:35
[SECURITY] [DLA 3797-1] frr security update
2024-04-28 06:30:09
redos
redos
ROS-20240617-02
2024-06-17 00:00:00
ROS-20240403-09
2024-04-03 00:00:00
cloudlinux
cloudlinux
quagga: Fix of 2 CVEs
2023-10-20 15:53:24
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
76.1%
Related for ELSA-2024-2981