SUSE update for frr

This security bulletin contains information about 2 vulnerabilities.


1) Memory leak


EUVDB-ID: #VU67275


Risk: Medium


CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]


CVE-ID: CVE-2019-25074


CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')


Exploit availability: No


Description

The vulnerability allows a remote attacker to perform a DoS attack on the target system.


The vulnerability exists due to a memory leak when processing IS-IS HELLO packets. A remote attacker can send specially crafted packets to the IS-IS daemon, trigger a memory leak and perform a denial of service attack.


Mitigation

Update the affected package frr to the latest version.


Vulnerable software versions

SUSE Manager Retail Branch Server: 4.2 - 4.3


SUSE Linux Enterprise Storage: 7.1


SUSE Manager Server: 4.2 - 4.3


SUSE Manager Proxy: 4.2 - 4.3


openSUSE Leap: 15.3 - 15.4


SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4


SUSE Linux Enterprise Server: 15-SP3 - 15-SP4


SUSE Linux Enterprise High Performance Computing: 15-SP3 - 15-SP4


SUSE Linux Enterprise Module for Server Applications: 15-SP3 - 15-SP4


libmlag_pb0-debuginfo: before 7.4-150300.4.7.1


libmlag_pb0: before 7.4-150300.4.7.1


libfrrzmq0-debuginfo: before 7.4-150300.4.7.1


libfrrzmq0: before 7.4-150300.4.7.1


< ..
