[CLSA-2023:1697816189] Fix CVE(s): CVE-2023-41360, CVE-2023-41358
Type:
security
Severity:
Critical
Release date:
2023-10-20 15:36:33 UTC
Description:
* SECURITY UPDATE: bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation
  - debian/patches/CVE-2023-41360.patch: don't read the first byte of ORF header if we are ahead of stream.
  - CVE-2023-41360
* SECURITY UPDATE: bgpd/bgp_packet.c processes NLRIs if the attribute length is zero
  - debian/patches/CVE-2023-41358.patch: do not process NLRIs if the attribute length is zero
  - CVE-2023-41358
Updated packages:
  • quagga_1.2.4-1+tuxcare.els1_amd64.deb
    sha:9973ddf2f07eb324518e5ab5dd5461038938d361
  • quagga-bgpd_1.2.4-1+tuxcare.els1_amd64.deb
    sha:4d9f10fc4ea39a16f123befec11c36b7f1e5bf4d
  • quagga-core_1.2.4-1+tuxcare.els1_amd64.deb
    sha:fb7277a97468eceaa80147c9390a46480b703916
  • quagga-doc_1.2.4-1+tuxcare.els1_all.deb
    sha:2f2a965ab160bb238f8ff8877fe393d1e9c3effc
  • quagga-isisd_1.2.4-1+tuxcare.els1_amd64.deb
    sha:2cb1109e111f07f8b3462cb5fc9b4e9335c2d795
  • quagga-ospf6d_1.2.4-1+tuxcare.els1_amd64.deb
    sha:221e5347e2f8bfc1534a20dc62c4883b2b11ed69
  • quagga-ospfd_1.2.4-1+tuxcare.els1_amd64.deb
    sha:688eb1c6a5510e3e5587f12323eb9d8b9083d622
  • quagga-pimd_1.2.4-1+tuxcare.els1_amd64.deb
    sha:faaaf3ba7a844e9d35c4d53865aa990c263127c6
  • quagga-ripd_1.2.4-1+tuxcare.els1_amd64.deb
    sha:1b9ab1ccbbd8c6605d7f4a62f4e580803936e3b2
  • quagga-ripngd_1.2.4-1+tuxcare.els1_amd64.deb
    sha:12a350555befe7615882963a05b96be1f0f2f129
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.