Zhang Peng 84ebedfcf4 frr: fix multiple CVEs
CVE-2024-27913:
ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1
allows remote attackers to cause a denial of service (ospfd daemon
crash) via a malformed OSPF LSA packet, because of an attempted
access to a missing attribute field.

CVE-2024-34088:
In FRRouting (FRR) through 9.1, it is possible for the get_edge()
function in ospf_te.c in the OSPF daemon to return a NULL pointer.
In cases where calling functions do not handle the returned NULL
value, the OSPF daemon crashes, leading to denial of service.

CVE-2024-31950:
In FRRouting (FRR) through 9.1, there can be a buffer overflow and
daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt
to read Segment Routing subTLVs (their size is not validated).

CVE-2024-31951:
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1,
there can be a buffer overflow and daemon crash in
ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read
Segment Routing Adjacency SID subTLVs (lengths are not validated).

CVE-2024-31948:
In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID
attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-27913]
[https://nvd.nist.gov/vuln/detail/CVE-2024-34088]
[https://nvd.nist.gov/vuln/detail/CVE-2024-31951]
[https://nvd.nist.gov/vuln/detail/CVE-2024-31950]
[https://nvd.nist.gov/vuln/detail/CVE-2024-31948]

Upstream patches:
[a73e66d073]
[8c177d69e3]
[5557a289ac]
[f69d1313b1]
[babb23b748]
[ba6a8f1a31]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-12-08 15:00:01 -05:00

meta-networking
===============

This layer is intended to be a central point for networking-related
packages and configuration.  It should be useful directly on top of
oe-core and complements meta-openembedded.  It should be primarily useful
to the following groups:

      - Anyone building a small networking device (e.g. a home router /
        bridge / switch).

      - Anyone wanting to add network services to their device (e.g.
        anything that might benefit from a small ftp/tftp server).

Dependencies
------------

This layer depends on:

URI: git://git.openembedded.org/openembedded-core
branch: kirkstone

For some recipes, the meta-oe layer is required:

URI: git://git.openembedded.org/meta-openembedded
subdirectory: meta-oe
branch: kirkstone

URI: git://git.openembedded.org/meta-openembedded
subdirectory: meta-python
branch: kirkstone

Maintenance
-----------
Layer maintainers: Armin Kuster <akuster808@gmail.com>


Please see the MAINTAINERS file for information on contacting the
maintainers of this layer, as well as instructions for submitting patches.