UbuntuUpdates.org

Package "frr-doc"

Name: frr-doc

Description:

FRRouting suite - user manual
Latest version: 8.1-1ubuntu1.14
Release: jammy (22.04)
Level: security
Repository: main
Head package: frr
Homepage: https://www.frrouting.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "frr-doc"

All arch deb package
APT INSTALL

Other versions of "frr-doc" in Jammy

Repository Area Version
base main 8.1-1ubuntu1
updates main 8.1-1ubuntu1.14

Changelog

Version: 8.1-1ubuntu1.14 2026-02-17 16:08:13 UTC

  frr (8.1-1ubuntu1.14) jammy-security; urgency=medium

  * SECURITY UPDATE: multiple ospf security issues
    - debian/patches/CVE-2025-61xxx-1.patch: add null check for vty_out in
      check_tlv_size in ospfd/ospf_ext.c.
    - debian/patches/CVE-2025-61xxx-2.patch: fix NULL Pointer Deference
      when dumping link info in ospfd/ospf_ext.c.
    - debian/patches/CVE-2025-61xxx-3.patch: skip subsequent tlvs after
      invalid length in ospfd/ospf_ext.c, ospfd/ospf_ri.c, ospfd/ospf_te.c.
    - debian/patches/CVE-2025-61xxx-4.patch: reformat check_tlv_size macro
      in ospfd/ospf_ext.c, ospfd/ospf_ri.c, ospfd/ospf_te.c.
    - CVE-2025-61099, CVE-2025-61100, CVE-2025-61101, CVE-2025-61102,
      CVE-2025-61103, CVE-2025-61104, CVE-2025-61105, CVE-2025-61106,
      CVE-2025-61107

 -- Marc Deslauriers <email address hidden> Thu, 12 Feb 2026 10:05:19 -0500
Source diff to previous version
CVE-2025-61099 FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. Th
CVE-2025-61100 FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c.
CVE-2025-61101 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_
CVE-2025-61102 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c
CVE-2025-61103 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_e
CVE-2025-61104 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. Thi
CVE-2025-61105 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This
CVE-2025-61106 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.
CVE-2025-61107 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.

Version: 8.1-1ubuntu1.13 2025-01-27 21:07:17 UTC

  frr (8.1-1ubuntu1.13) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service via route re-validation
    - debian/patches/CVE-2024-55553.patch: bgpd: Validate only affected
      RPKI prefixes instead of a full RIB
    - Ubuntu note: Adjusted from backport of 7.5 to fit 8.1.
    - Attempt to correct failing test for ppc64
    - CVE-2024-55553

 -- John Breton <email address hidden> Fri, 24 Jan 2025 14:38:53 -0500
Source diff to previous version
CVE-2024-55553 In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal sock

Version: 8.1-1ubuntu1.11 2024-09-17 16:06:59 UTC

  frr (8.1-1ubuntu1.11) jammy-security; urgency=medium

  * SECURITY UPDATE: BGP overflow via TLV value
    - debian/patches/CVE-2024-44070.patch: check the actual remaining
      stream length before taking TLV value in bgpd/bgp_attr.c.
    - CVE-2024-44070

 -- Marc Deslauriers <email address hidden> Tue, 10 Sep 2024 07:39:38 -0400
Source diff to previous version
CVE-2024-44070 An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before t

Version: 8.1-1ubuntu1.10 2024-05-28 17:08:18 UTC

  frr (8.1-1ubuntu1.10) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via malformed Prefix SID attribute
    - debian/patches/CVE-2024-31948-1.patch: fix error handling when
      receiving BGP Prefix SID attribute in bgpd/bgp_attr.c.
    - debian/patches/CVE-2024-31948-2.patch: prevent from one more CVE
      triggering this place in bgpd/bgp_attr.c.
    - CVE-2024-31948
  * SECURITY UPDATE: DoS via malformed OSPF LSA packets
    - debian/patches/CVE-2024-31950.patch: solved crash in RI parsing with
      OSPF TE in ospfd/ospf_te.c.
    - CVE-2024-31950
  * SECURITY UPDATE: DoS via malformed OSPF LSA packets
    - debian/patches/CVE-2024-31951.patch: correct Opaque LSA Extended
      parser in ospfd/ospf_te.c.
    - CVE-2024-31951
  * SECURITY UPDATE: DoS via invalid edge data
    - debian/patches/CVE-2024-34088.patch: protect call to get_edge() in
      ospf_te.c.
    - CVE-2024-34088

 -- Marc Deslauriers <email address hidden> Mon, 27 May 2024 13:18:20 -0400
Source diff to previous version
CVE-2024-31948 In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.
CVE-2024-31950 In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Se
CVE-2024-31951 In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for
CVE-2024-34088 In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where c

Version: 8.1-1ubuntu1.9 2024-03-06 14:06:57 UTC

  frr (8.1-1ubuntu1.9) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via malformed OSPF LSA packet
    - debian/patches/CVE-2024-27913.patch: solved crash in OSPF TE parsing
      in ospfd/ospf_te.c.
    - CVE-2024-27913

 -- Marc Deslauriers <email address hidden> Tue, 05 Mar 2024 08:27:58 -0500
CVE-2024-27913 ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a ma


About   -   Send Feedback to @ubuntu_updates