Overview

File _patchinfo of Package patchinfo.26723

<patchinfo incident="26723">
  <issue tracker="cve" id="2022-37035"/>
  <issue tracker="cve" id="2022-42917"/>
  <issue tracker="bnc" id="1202085">VUL-0: CVE-2022-37035: frr: possible use-after-free related to bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c</issue>
  <issue tracker="bnc" id="1204124">VUL-0: CVE-2022-42917: frr: frrinit.sh operates on user controlled directory as root, privilege escalation from frr to root</issue>
  <packager>mtomaschewski</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for frr</summary>
  <description>This update for frr fixes the following issues:

- CVE-2022-37035: Fixed a possible use-after-free due to a race condition related to bgp_notify_send_with_data() and bgp_process_packet() (bsc#1202085).
- CVE-2022-42917: Fixed a privilege escalation from frr to root in frr config creation (bsc#1204124).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places