Package "frr"
Name: |
frr
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- FRRouting suite - BGP RPKI support (rtrlib)
- FRRouting suite - SNMP support
|
Latest version: |
8.4.4-1.1ubuntu6.2 |
Release: |
noble (24.04) |
Level: |
updates |
Repository: |
universe |
Links
Other versions of "frr" in Noble
Packages in group
Deleted packages are displayed in grey.
Changelog
frr (8.4.4-1.1ubuntu6.2) noble-security; urgency=medium
* SECURITY UPDATE: BGP overflow via TLV value
- debian/patches/CVE-2024-44070.patch: check the actual remaining
stream length before taking TLV value in bgpd/bgp_attr.c.
- CVE-2024-44070
-- Marc Deslauriers <email address hidden> Tue, 10 Sep 2024 07:38:37 -0400
|
Source diff to previous version |
CVE-2024-44070 |
An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before t |
|
frr (8.4.4-1.1ubuntu6.1) noble-security; urgency=medium
* SECURITY UPDATE: DoS via malformed Prefix SID attribute
- debian/patches/CVE-2024-31948-1.patch: fix error handling when
receiving BGP Prefix SID attribute in bgpd/bgp_attr.c.
- debian/patches/CVE-2024-31948-2.patch: prevent from one more CVE
triggering this place in bgpd/bgp_attr.c.
- CVE-2024-31948
* SECURITY UPDATE: DoS via malformed OSPF LSA packets
- debian/patches/CVE-2024-31950.patch: solved crash in RI parsing with
OSPF TE in ospfd/ospf_te.c.
- CVE-2024-31950
* SECURITY UPDATE: DoS via malformed OSPF LSA packets
- debian/patches/CVE-2024-31951.patch: correct Opaque LSA Extended
parser in ospfd/ospf_te.c.
- CVE-2024-31951
* SECURITY UPDATE: DoS via invalid edge data
- debian/patches/CVE-2024-34088.patch: protect call to get_edge() in
ospf_te.c.
- CVE-2024-34088
-- Marc Deslauriers <email address hidden> Mon, 27 May 2024 13:09:15 -0400
|
CVE-2024-31948 |
In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. |
CVE-2024-31950 |
In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Se |
CVE-2024-31951 |
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for |
CVE-2024-34088 |
In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where c |
|
About
-
Send Feedback to @ubuntu_updates