UbuntuUpdates.org

Package "frr"

Name: frr

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • FRRouting suite - BGP RPKI support (rtrlib)
  • FRRouting suite - SNMP support
Latest version: 8.4.4-1.1ubuntu6.3
Release: noble (24.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "frr" in Noble

Repository Area Version
base universe 8.4.4-1.1ubuntu6
base main 8.4.4-1.1ubuntu6
security main 8.4.4-1.1ubuntu6.3
security universe 8.4.4-1.1ubuntu6.3
updates main 8.4.4-1.1ubuntu6.3
proposed universe 8.4.4-1.1ubuntu6.4
proposed main 8.4.4-1.1ubuntu6.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8.4.4-1.1ubuntu6.3 2025-01-27 22:07:00 UTC

  frr (8.4.4-1.1ubuntu6.3) noble-security; urgency=medium

  * SECURITY UPDATE: Denial of service via route re-validation
    - debian/patches/CVE-2024-55553.patch: bgpd: Validate only affected
      RPKI prefixes instead of a full RIB.
    - Ubuntu note: Adjusted from backport of 7.5 to fit 8.4.4.
    - CVE-2024-55553

 -- John Breton <email address hidden> Fri, 24 Jan 2025 09:43:49 -0500
Source diff to previous version
CVE-2024-55553 In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal sock

Version: 8.4.4-1.1ubuntu6.2 2024-09-17 17:07:06 UTC

  frr (8.4.4-1.1ubuntu6.2) noble-security; urgency=medium

  * SECURITY UPDATE: BGP overflow via TLV value
    - debian/patches/CVE-2024-44070.patch: check the actual remaining
      stream length before taking TLV value in bgpd/bgp_attr.c.
    - CVE-2024-44070

 -- Marc Deslauriers <email address hidden> Tue, 10 Sep 2024 07:38:37 -0400
Source diff to previous version
CVE-2024-44070 An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before t

Version: 8.4.4-1.1ubuntu6.1 2024-05-28 18:07:07 UTC

  frr (8.4.4-1.1ubuntu6.1) noble-security; urgency=medium

  * SECURITY UPDATE: DoS via malformed Prefix SID attribute
    - debian/patches/CVE-2024-31948-1.patch: fix error handling when
      receiving BGP Prefix SID attribute in bgpd/bgp_attr.c.
    - debian/patches/CVE-2024-31948-2.patch: prevent from one more CVE
      triggering this place in bgpd/bgp_attr.c.
    - CVE-2024-31948
  * SECURITY UPDATE: DoS via malformed OSPF LSA packets
    - debian/patches/CVE-2024-31950.patch: solved crash in RI parsing with
      OSPF TE in ospfd/ospf_te.c.
    - CVE-2024-31950
  * SECURITY UPDATE: DoS via malformed OSPF LSA packets
    - debian/patches/CVE-2024-31951.patch: correct Opaque LSA Extended
      parser in ospfd/ospf_te.c.
    - CVE-2024-31951
  * SECURITY UPDATE: DoS via invalid edge data
    - debian/patches/CVE-2024-34088.patch: protect call to get_edge() in
      ospf_te.c.
    - CVE-2024-34088

 -- Marc Deslauriers <email address hidden> Mon, 27 May 2024 13:09:15 -0400
CVE-2024-31948 In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.
CVE-2024-31950 In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Se
CVE-2024-31951 In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for
CVE-2024-34088 In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where c


About   -   Send Feedback to @ubuntu_updates