[CLSA-2023:1697816288] Fix CVE(s): CVE-2023-41358, CVE-2023-41360
Type:
security
Severity:
Critical
Release date:
2023-10-20 15:38:13 UTC
Description:
* SECURITY UPDATE: bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation
  - debian/patches/CVE-2023-41360.patch: don't read the first byte of ORF header if we are ahead of stream.
  - CVE-2023-41360
* SECURITY UPDATE: bgpd/bgp_packet.c processes NLRIs if the attribute length is zero
  - debian/patches/CVE-2023-41358.patch: do not process NLRIs if the attribute length is zero
  - CVE-2023-41358
* Fix documentation pdf generation
Updated packages:
  • quagga_0.99.24.1-2ubuntu1.4+tuxcare.els1_amd64.deb
    sha:9287815f0e881d76b5d09bddb808fd2132e846b7
  • quagga-doc_0.99.24.1-2ubuntu1.4+tuxcare.els1_all.deb
    sha:04a0430cee158f57ccdb121f9dd1a926d3f48e03
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.