Lucene search

K
debianDebianDEBIAN:DSA-5495-1:5104E
HistorySep 11, 2023 - 7:14 a.m.

[SECURITY] [DSA 5495-1] frr security update

2023-09-1107:14:35
lists.debian.org
16
update
debian
security tracker
vulnerabilities
denial of service
internet protocols
frr
bgp

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.005 Low

EPSS

Percentile

76.1%


Debian Security Advisory DSA-5495-1 [email protected]
https://www.debian.org/security/ Aron Xu
September 11, 2023 https://www.debian.org/security/faq


Package : frr
CVE ID : CVE-2022-36440 CVE-2022-40302 CVE-2022-40318 CVE-2022-43681
CVE-2023-31490 CVE-2023-38802 CVE-2023-41358
Debian Bug : 1035829 1036062

Brief introduction

Multiple vulnerbilities were discovered in frr, the FRRouting suite of
internet protocols, while processing malformed requests and packets the BGP
daemon may have reachable assertions, NULL pointer dereference, out-of-bounds
memory access, which may lead to denial of service attack.

For the oldstable distribution (bullseye), these problems have been fixed
in version 7.5.1-1.1+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in
version 8.4.4-1.1~deb12u1.

We recommend that you upgrade your frr packages.

For the detailed security status of frr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/frr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.005 Low

EPSS

Percentile

76.1%