CVE-2023-47234 (https://github.com/FRRouting/frr/pull/14716/commits/c37119df45bbf4ef713bc10475af2ee06e12f3bf):

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).

A PR has been made against the "dev/9.1" branch for this, but I'm not sure what the relationship is between that branch and the stable branch: https://github.com/FRRouting/frr/pull/14735

CVE-2023-47235 (https://github.com/FRRouting/frr/pull/14716/commits/6814f2e0138a6ea5e1f83bdd9085d9a77999900b):

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.

Same PR here: https://github.com/FRRouting/frr/pull/14735

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33153928ae0598d624bc93f15b7fd77bcaf40a8d

commit 33153928ae0598d624bc93f15b7fd77bcaf40a8d
Author:     Alarig Le Lay <alarig@swordarmor.fr>
AuthorDate: 2024-02-09 11:31:15 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2024-02-09 13:17:45 +0000

    net-misc/frr: add 9.0.2 (CVE-2023-47234, CVE-2023-47235)

    Bug: https://bugs.gentoo.org/916902
    Signed-off-by: Alarig Le Lay <alarig@swordarmor.fr>
    Closes: https://github.com/gentoo/gentoo/pull/33752
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-misc/frr/Manifest         |   1 +
 net-misc/frr/frr-9.0.2.ebuild | 150 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 151 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e9b86ff7b9bb9c1a5d9515fcde14603f2ea7b08

commit 5e9b86ff7b9bb9c1a5d9515fcde14603f2ea7b08
Author:     Alarig Le Lay <alarig@swordarmor.fr>
AuthorDate: 2024-02-09 11:29:43 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2024-02-09 13:17:45 +0000

    dev-util/clippy: add 9.0.2 (CVE-2023-47234, CVE-2023-47235)

    Bug: https://bugs.gentoo.org/916902
    Signed-off-by: Alarig Le Lay <alarig@swordarmor.fr>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-util/clippy/Manifest            |  1 +
 dev-util/clippy/clippy-9.0.2.ebuild | 58 +++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82f669615665a4fc5a70f8357b6fb15a99a34585

commit 82f669615665a4fc5a70f8357b6fb15a99a34585
Author:     Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2024-03-21 06:07:36 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2024-03-22 09:43:39 +0000

    net-misc/frr: drop 9.0, 9.0.1

    Bug: https://bugs.gentoo.org/916902
    Closes: https://bugs.gentoo.org/914714
    Closes: https://bugs.gentoo.org/913887
    Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
    Closes: https://github.com/gentoo/gentoo/pull/35848
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 net-misc/frr/Manifest         |   2 -
 net-misc/frr/frr-9.0.1.ebuild | 151 ------------------------------------------
 net-misc/frr/frr-9.0.ebuild   | 151 ------------------------------------------
 3 files changed, 304 deletions(-)