Package "frr-pythontools"
Name: |
frr-pythontools
|
Description: |
FRRouting suite - Python tools
|
Latest version: |
8.4.4-1.1ubuntu1.3 |
Release: |
mantic (23.10) |
Level: |
updates |
Repository: |
main |
Head package: |
frr |
Homepage: |
https://www.frrouting.org/ |
Links
Download "frr-pythontools"
Other versions of "frr-pythontools" in Mantic
Changelog
frr (8.4.4-1.1ubuntu1.3) mantic-security; urgency=medium
* SECURITY UPDATE: DoS via malformed OSPF LSA packet
- debian/patches/CVE-2024-27913.patch: solved crash in OSPF TE parsing
in ospfd/ospf_te.c.
- CVE-2024-27913
-- Marc Deslauriers <email address hidden> Tue, 05 Mar 2024 08:27:21 -0500
|
Source diff to previous version |
CVE-2024-27913 |
ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a ma |
|
frr (8.4.4-1.1ubuntu1.2) mantic-security; urgency=medium
* SECURITY UPDATE: read beyond stream during labeled unicast parsing
- debian/patches/CVE-2023-38407.patch: fix use beyond end of stream of
labeled unicast parsing in bgpd/bgp_label.c.
- CVE-2023-38407
* SECURITY UPDATE: crash via MP_UNREACH_NLRI attribute
- debian/patches/CVE-2023-47234.patch: ignore handling NLRIs if we
received MP_UNREACH_NLRI in bgpd/bgp_attr.c, bgpd/bgp_attr.h,
bgpd/bgp_packet.c.
- CVE-2023-47234
* SECURITY UPDATE: crash via malformed BGP UPDATE message
- debian/patches/CVE-2023-47235.patch: treat EOR as withdrawn to avoid
unwanted handling of malformed attrs in bgpd/bgp_attr.c.
- CVE-2023-47235
-- Marc Deslauriers <email address hidden> Thu, 16 Nov 2023 09:43:59 -0500
|
Source diff to previous version |
CVE-2023-38407 |
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. |
CVE-2023-47234 |
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribu |
CVE-2023-47235 |
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the p |
|
frr (8.4.4-1.1ubuntu1.1) mantic-security; urgency=medium
* SECURITY UPDATE: DoS via MP_REACH_NLRI data
- debian/patches/CVE-2023-46752.patch: handle MP_REACH_NLRI malformed
packets with session reset in bgpd/bgp_attr.c, bgpd/bgp_attr.h,
bgpd/bgp_packet.c.
- CVE-2023-46752
* SECURITY UPDATE: DoS via BGP UPDATE without mandatory attributes
- debian/patches/CVE-2023-46753.patch: check mandatory attributes more
carefully for UPDATE message in bgpd/bgp_attr.c.
- CVE-2023-46753
-- Marc Deslauriers <email address hidden> Wed, 01 Nov 2023 14:12:59 -0400
|
CVE-2023-46752 |
An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash. |
CVE-2023-46753 |
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one wi |
|
About
-
Send Feedback to @ubuntu_updates