
[SECURITY] [DLA 3573-1] frr security update

2023-09-19 19:41:22
lists.debian.org

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.6 High (Confidence: High)
EPSS: 0.005 Low (Percentile: 76.1%)


Debian LTS Advisory DLA-3573-1 [email protected]
https://www.debian.org/lts/security/ Markus Koschany
September 19, 2023 https://wiki.debian.org/LTS

Package    : frr
Version    : 7.5.1-1.1+deb10u1
CVE ID     : CVE-2022-36440 CVE-2022-40302 CVE-2022-40318 CVE-2022-43681
             CVE-2023-31490 CVE-2023-38802 CVE-2023-41358 CVE-2023-41360
             CVE-2023-41361 CVE-2023-41909
Debian Bug : 1035829 1036062

Multiple security vulnerabilities were found in frr, the FRRouting suite
of internet protocols. Maliciously constructed Border Gateway Protocol
(BGP) packets or corrupted tunnel attributes may cause a denial of service
(application crash), which could be exploited by a remote attacker.

For Debian 10 buster, these problems have been fixed in version
7.5.1-1.1+deb10u1.

We recommend that you upgrade your frr packages.

For the detailed security status of frr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/frr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS