Package "frr"

Name: frr
Description: FRRouting suite of internet protocols (BGP, OSPF, IS-IS, ...)
Latest version: 8.1-1ubuntu1.16
Release: jammy (22.04)
Level: security
Repository: main
Homepage: https://www.frrouting.org/

Changelog

frr (8.1-1ubuntu1.16) jammy-security; urgency=medium

  * SECURITY UPDATE: integer overflow in OSPF parsing
    - debian/patches/CVE-2026-28532.patch: ospfd: harden TE/SR TLV iteration
      against malformed lengths in ospfd/ospf_sr.c, ospfd/ospf_te.c.
    - CVE-2026-28532
  * SECURITY UPDATE: DoS via crafted FlowSpec component
    - debian/patches/CVE-2026-37457.patch: bgpd: fix off-by-one error in
      FlowSpec operator array bounds check in bgpd/bgp_flowspec_util.c.
    - CVE-2026-37457
  * SECURITY UPDATE: DoS via crafted UPDATE message
    - debian/patches/CVE-2026-37458.patch: bgpd: Validate MP_REACH_NLRI
      attribute against incorrect next-hop in bgpd/bgp_attr.c.
    - CVE-2026-37458

 -- Marc Deslauriers <email address hidden>  Sat, 30 May 2026 11:44:32 -0400

CVE-2026-28532: FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a
CVE-2026-37457: An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 al
CVE-2026-37458: Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denia

frr (8.1-1ubuntu1.15) jammy-security; urgency=medium

  * SECURITY UPDATE: Improper Access Controls
    - debian/patches/CVE-2026-5107.patch: Improve packet parsing for
      EVPN and ENCAP/VNC
    - CVE-2026-5107

 -- Bruce Cable <email address hidden>  Fri, 10 Apr 2026 12:42:06 +1000

CVE-2026-5107: A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the compon

frr (8.1-1ubuntu1.14) jammy-security; urgency=medium

  * SECURITY UPDATE: multiple ospf security issues
    - debian/patches/CVE-2025-61xxx-1.patch: add null check for vty_out in
      check_tlv_size in ospfd/ospf_ext.c.
    - debian/patches/CVE-2025-61xxx-2.patch: fix NULL Pointer Dereference
      when dumping link info in ospfd/ospf_ext.c.
    - debian/patches/CVE-2025-61xxx-3.patch: skip subsequent tlvs after
      invalid length in ospfd/ospf_ext.c, ospfd/ospf_ri.c, ospfd/ospf_te.c.
    - debian/patches/CVE-2025-61xxx-4.patch: reformat check_tlv_size macro
      in ospfd/ospf_ext.c, ospfd/ospf_ri.c, ospfd/ospf_te.c.
    - CVE-2025-61099, CVE-2025-61100, CVE-2025-61101, CVE-2025-61102,
      CVE-2025-61103, CVE-2025-61104, CVE-2025-61105, CVE-2025-61106,
      CVE-2025-61107

 -- Marc Deslauriers <email address hidden>  Thu, 12 Feb 2026 10:05:19 -0500

CVE-2025-61099: FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. Th
CVE-2025-61100: FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c.
CVE-2025-61101: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_
CVE-2025-61102: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c
CVE-2025-61103: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_e
CVE-2025-61104: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. Thi
CVE-2025-61105: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This
CVE-2025-61106: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.
CVE-2025-61107: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.

frr (8.1-1ubuntu1.13) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service via route re-validation
    - debian/patches/CVE-2024-55553.patch: bgpd: Validate only affected
      RPKI prefixes instead of a full RIB
    - Ubuntu note: Adjusted from backport of 7.5 to fit 8.1.
    - Attempt to correct failing test for ppc64
    - CVE-2024-55553

 -- John Breton <email address hidden>  Fri, 24 Jan 2025 14:38:53 -0500

CVE-2024-55553: In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal sock

frr (8.1-1ubuntu1.11) jammy-security; urgency=medium

  * SECURITY UPDATE: BGP overflow via TLV value
    - debian/patches/CVE-2024-44070.patch: check the actual remaining
      stream length before taking TLV value in bgpd/bgp_attr.c.
    - CVE-2024-44070

 -- Marc Deslauriers <email address hidden>  Tue, 10 Sep 2024 07:39:38 -0400

CVE-2024-44070: An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before t