File _patchinfo of Package patchinfo.35809

<patchinfo incident="35809">
  <issue tracker="cve" id="2017-15865"/>
  <issue tracker="cve" id="2024-44070"/>
  <issue tracker="cve" id="2022-37032"/>
  <issue tracker="cve" id="2018-5378"/>
  <issue tracker="cve" id="2018-5380"/>
  <issue tracker="cve" id="2018-5379"/>
  <issue tracker="cve" id="2018-5381"/>
  <issue tracker="bnc" id="1069468">Packages should no longer use /var/adm/fillup-templates</issue>
  <issue tracker="bnc" id="1230866">VUL-0: CVE-2017-15865: frr,quagga: sensitive information disclosure when processing malformed BGP UPDATE packets from a connected peer</issue>
  <issue tracker="bnc" id="1229438">VUL-0: CVE-2024-44070: frr,quagga: remaining stream length is not checked before the TLV value is taken in bgp_attr_encap</issue>
  <issue tracker="bnc" id="1202023">VUL-0: CVE-2022-37032: frr: out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service</issue>
  <issue tracker="bnc" id="1079798">VUL-0: CVE-2018-5378: quagga: bgpd bounds check issue via attribute length</issue>
  <issue tracker="bnc" id="1079800">VUL-1: CVE-2018-5380: quagga: bgpd code-to-string conversion tables overrun</issue>
  <issue tracker="bnc" id="1079799">VUL-0: CVE-2018-5379: quagga: bgpd double free when processing UPDATE message</issue>
  <issue tracker="bnc" id="1079801">VUL-0: CVE-2018-5381: quagga: bgpd infinite loop</issue>
  <packager>mtomaschewski</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for quagga</summary>
  <description>This update for quagga fixes the following issues:

- CVE-2017-15865: sensitive information disclosed when malformed BGP UPDATE packets are processed. (bsc#1230866)
- CVE-2024-44070: crash when parsing Tunnel Encap attribute due to no length check. (bsc#1229438)
- CVE-2022-37032: out-of-bounds read when parsing a BGP capability message due to incorrect size check. (bsc#1202023)

Bug fixes:
- References to /var/adm/fillup-templates replaced with new %_fillupdir macro. (bsc#1069468)
</description>
</patchinfo>