Branch sisyphus update bulletin.

Package passes updated to version 0.10-alt2 for branch sisyphus in task 360498.

Оптимизировать список зависимостей (BuildRequires)

Package iptraf-ng updated to version 1.2.2-alt1 for branch sisyphus in task 363324.

Published: 2024-12-17
Modified: 2025-04-03

CVE-2024-52949

iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack.

References:

Package frr updated to version 10.2-alt1 for branch sisyphus in task 363370.

Published: 2024-08-18

BDU:2024-06868

Уязвимость функции bgp_attr_encap() в файле bgpd/bgp_attr.c программного средства реализации сетевой маршрутизации на Unix-подобных системах FRRouting, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2024-44070

Published: 2024-08-19
Modified: 2024-08-30

CVE-2024-44070

An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

https://github.com/FRRouting/frr/pull/16497

Version: 2.1.0

Branch sisyphus update on 2024-11-26

ALT-BU-2024-16135-1

ALT-PU-2024-15867-3

Closed bugs

Bug #51801

ALT-PU-2024-16101-1

Closed vulnerabilities

CVE-2024-52949

ALT-PU-2024-16119-1

Closed vulnerabilities

BDU:2024-06868

CVE-2024-44070