UbuntuUpdates.org

Package "frr-pythontools"

Name: frr-pythontools

Description:

FRRouting suite - Python tools

Latest version: 8.1-1ubuntu1.11
Release: jammy (22.04)
Level: security
Repository: main
Head package: frr
Homepage: https://www.frrouting.org/

Links


Download "frr-pythontools"


Other versions of "frr-pythontools" in Jammy

Repository Area Version
base main 8.1-1ubuntu1
updates main 8.1-1ubuntu1.11

Changelog

Version: 8.1-1ubuntu1.11 2024-09-17 16:06:59 UTC

  frr (8.1-1ubuntu1.11) jammy-security; urgency=medium

  * SECURITY UPDATE: BGP overflow via TLV value
    - debian/patches/CVE-2024-44070.patch: check the actual remaining
      stream length before taking TLV value in bgpd/bgp_attr.c.
    - CVE-2024-44070

 -- Marc Deslauriers <email address hidden> Tue, 10 Sep 2024 07:39:38 -0400

Source diff to previous version
CVE-2024-44070 An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before t

Version: 8.1-1ubuntu1.10 2024-05-28 17:08:18 UTC

  frr (8.1-1ubuntu1.10) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via malformed Prefix SID attribute
    - debian/patches/CVE-2024-31948-1.patch: fix error handling when
      receiving BGP Prefix SID attribute in bgpd/bgp_attr.c.
    - debian/patches/CVE-2024-31948-2.patch: prevent from one more CVE
      triggering this place in bgpd/bgp_attr.c.
    - CVE-2024-31948
  * SECURITY UPDATE: DoS via malformed OSPF LSA packets
    - debian/patches/CVE-2024-31950.patch: solved crash in RI parsing with
      OSPF TE in ospfd/ospf_te.c.
    - CVE-2024-31950
  * SECURITY UPDATE: DoS via malformed OSPF LSA packets
    - debian/patches/CVE-2024-31951.patch: correct Opaque LSA Extended
      parser in ospfd/ospf_te.c.
    - CVE-2024-31951
  * SECURITY UPDATE: DoS via invalid edge data
    - debian/patches/CVE-2024-34088.patch: protect call to get_edge() in
      ospf_te.c.
    - CVE-2024-34088

 -- Marc Deslauriers <email address hidden> Mon, 27 May 2024 13:18:20 -0400

Source diff to previous version
CVE-2024-31948 In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.
CVE-2024-31950 In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Se
CVE-2024-31951 In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for
CVE-2024-34088 In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where c

Version: 8.1-1ubuntu1.9 2024-03-06 14:06:57 UTC

  frr (8.1-1ubuntu1.9) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via malformed OSPF LSA packet
    - debian/patches/CVE-2024-27913.patch: solved crash in OSPF TE parsing
      in ospfd/ospf_te.c.
    - CVE-2024-27913

 -- Marc Deslauriers <email address hidden> Tue, 05 Mar 2024 08:27:58 -0500

Source diff to previous version
CVE-2024-27913 ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a ma

Version: 8.1-1ubuntu1.8 2023-11-21 16:09:09 UTC

  frr (8.1-1ubuntu1.8) jammy-security; urgency=medium

  * SECURITY UPDATE: flowspec overflow issue
    - debian/patches/CVE-2023-38406.patch: check length in
      bgpd/bgp_flowspec.c.
    - CVE-2023-38406
  * SECURITY UPDATE: read beyond stream during labeled unicast parsing
    - debian/patches/CVE-2023-38407.patch: fix use beyond end of stream of
      labeled unicast parsing in bgpd/bgp_label.c.
    - CVE-2023-38407
  * SECURITY UPDATE: crash via MP_UNREACH_NLRI attribute
    - debian/patches/CVE-2023-47234.patch: ignore handling NLRIs if we
      received MP_UNREACH_NLRI in bgpd/bgp_attr.c, bgpd/bgp_attr.h,
      bgpd/bgp_packet.c.
    - CVE-2023-47234
  * SECURITY UPDATE: crash via malformed BGP UPDATE message
    - debian/patches/CVE-2023-47235.patch: treat EOR as withdrawn to avoid
      unwanted handling of malformed attrs in bgpd/bgp_attr.c.
    - CVE-2023-47235

 -- Marc Deslauriers <email address hidden> Thu, 16 Nov 2023 09:48:20 -0500

Source diff to previous version
CVE-2023-38406 bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."
CVE-2023-38407 bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
CVE-2023-47234 An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribu
CVE-2023-47235 An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the p

Version: 8.1-1ubuntu1.7 2023-11-15 16:10:10 UTC

  frr (8.1-1ubuntu1.7) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via MP_REACH_NLRI data
    - debian/patches/CVE-2023-46752.patch: handle MP_REACH_NLRI malformed
      packets with session reset in bgpd/bgp_attr.c, bgpd/bgp_attr.h,
      bgpd/bgp_packet.c.
    - CVE-2023-46752
  * SECURITY UPDATE: DoS via BGP UPDATE without mandatory attributes
    - debian/patches/CVE-2023-46753.patch: check mandatory attributes more
      carefully for UPDATE message in bgpd/bgp_attr.c.
    - CVE-2023-46753

 -- Marc Deslauriers <email address hidden> Wed, 01 Nov 2023 14:30:38 -0400

CVE-2023-46752 An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.
CVE-2023-46753 An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one wi



About   -   Send Feedback to @ubuntu_updates