UbuntuUpdates.org

Package "frr"

Name: frr

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • FRRouting suite - BGP RPKI support (rtrlib)
  • FRRouting suite - SNMP support
Latest version: 8.4.2-1ubuntu1.3
Release: lunar (23.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "frr" in Lunar

Repository Area Version
base main 8.4.2-1ubuntu1
base universe 8.4.2-1ubuntu1
security main 8.4.2-1ubuntu1.3
security universe 8.4.2-1ubuntu1.3
updates main 8.4.2-1ubuntu1.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8.4.2-1ubuntu1.3 2023-08-31 04:07:12 UTC

  frr (8.4.2-1ubuntu1.3) lunar-security; urgency=medium

  * SECURITY UPDATE: a BGP route attribute, tunnel encapsulation, can
    be corrupted and cause denial of service
    - debian/patches/CVE-2023-38802.patch: use treat-as-withdraw for
      tunnel encapsulation attribute
    - CVE-2023-31490

 -- Mark Esler <email address hidden> Wed, 30 Aug 2023 10:33:16 -0500
Source diff to previous version
CVE-2023-38802 FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupte
CVE-2023-31490 An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.

Version: 8.4.2-1ubuntu1.2 2023-07-24 16:07:08 UTC

  frr (8.4.2-1ubuntu1.2) lunar-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2023-3748.patch: replacing continue in loops
      to goto done in bebeld/message.c.
    - CVE-2023-3748

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 20 Jul 2023 12:55:46 -0300
Source diff to previous version
CVE-2023-3748 Inifinite loop in babld message parsing may cause DoS

Version: 8.4.2-1ubuntu1.1 2023-06-05 16:07:31 UTC

  frr (8.4.2-1ubuntu1.1) lunar-security; urgency=medium

  * SECURITY UPDATE: denial of service via bgp_capability_llgr()
    - debian/patches/CVE-2023-31489.patch: check 7 bytes for Long-lived
      Graceful-Restart capability in bgpd/bgp_open.c.
    - CVE-2023-31489
  * SECURITY UPDATE: denial of service via bgp_attr_psid_sub()
    - debian/patches/CVE-2023-31490.patch: ensure stream received has
      enough data in bgpd/bgp_attr.c.
    - CVE-2023-31490

 -- Marc Deslauriers <email address hidden> Fri, 02 Jun 2023 13:14:57 -0400
CVE-2023-31489 An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function.
CVE-2023-31490 An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.


About   -   Send Feedback to @ubuntu_updates