5 matches found
CLSA-2023-1697816288 Fix CVE(s): CVE-2023-41358, CVE-2023-41360
SECURITY UPDATE: bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation - debian/patches/CVE-2023-41360.patch: don't read the first byte of ORF header if we are ahead of stream. - CVE-2023-41360 SECURITY UPDATE: bgpd/bgp_packet.c processes NLRIs if the attribu...
AZL-28616 CVE-2023-41358 affecting package frr for versions less than 8.5.3-2
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero...
CVE-2009-2415
Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows...
freeradius security update
1.1.3-1.5 - Security: Fix Tunnel-Password zero-length attributes flaw bug 521912 Resolves: RH BZ522062 - rebase a couple of old patches freeradius-0.9.0-comerr.patch, freeradius-1.0.0-samba3.patch so they apply with fuzz=0...
CVE-2009-3111
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service radiusd crash via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to...