(RHSA-2023:6434) Moderate: frr security and bug fix update

2023-11-0706:05:29

access.redhat.com

frrouting

free software

tcp/ip

routing protocols

bgp4

ospfv2

ospfv3

isis

rip

ripng

pim

nhrp

pbr

eigrp

bfd

reachable assertion

denial of service

crafting

bgp open message

out-of-bounds read

cve-2022-36440

cve-2022-40302

cve-2022-40318

cve-2022-43681

red hat enterprise linux 9.3 release notes

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.0%

JSON

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.

Security Fix(es):

frr: Reachable assertion in peek_for_as4_capability function (CVE-2022-36440)
frr: denial of service by crafting a BGP OPEN message with an option of type 0xff (CVE-2022-40302)
frr: denial of service by crafting a BGP OPEN message with an option of type in bgp_open_option_parse in the bgp_open.c 0xff (CVE-2022-40318)
frr: out-of-bounds read exists in the BGP daemon of FRRouting (CVE-2022-43681)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat9aarch64frr-debugsource< 8.3.1-11.el9_3frr-debugsource-8.3.1-11.el9_3.aarch64.rpm
RedHat9x86_64frr-debugsource< 8.3.1-11.el9_3frr-debugsource-8.3.1-11.el9_3.x86_64.rpm
RedHat9ppc64lefrr-debuginfo< 8.3.1-11.el9_3frr-debuginfo-8.3.1-11.el9_3.ppc64le.rpm
RedHat9s390xfrr-debuginfo< 8.3.1-11.el9_3frr-debuginfo-8.3.1-11.el9_3.s390x.rpm
RedHat9ppc64lefrr< 8.3.1-11.el9_3frr-8.3.1-11.el9_3.ppc64le.rpm
RedHat9ppc64lefrr-debugsource< 8.3.1-11.el9_3frr-debugsource-8.3.1-11.el9_3.ppc64le.rpm
RedHat9s390xfrr-debugsource< 8.3.1-11.el9_3frr-debugsource-8.3.1-11.el9_3.s390x.rpm
RedHat9noarchfrr-selinux< 8.3.1-11.el9_3frr-selinux-8.3.1-11.el9_3.noarch.rpm
RedHat9aarch64frr-debuginfo< 8.3.1-11.el9_3frr-debuginfo-8.3.1-11.el9_3.aarch64.rpm
RedHat9x86_64frr-debuginfo< 8.3.1-11.el9_3frr-debuginfo-8.3.1-11.el9_3.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	9	aarch64	frr-debugsource	< 8.3.1-11.el9_3	frr-debugsource-8.3.1-11.el9_3.aarch64.rpm
RedHat	9	x86_64	frr-debugsource	< 8.3.1-11.el9_3	frr-debugsource-8.3.1-11.el9_3.x86_64.rpm
RedHat	9	ppc64le	frr-debuginfo	< 8.3.1-11.el9_3	frr-debuginfo-8.3.1-11.el9_3.ppc64le.rpm
RedHat	9	s390x	frr-debuginfo	< 8.3.1-11.el9_3	frr-debuginfo-8.3.1-11.el9_3.s390x.rpm
RedHat	9	ppc64le	frr	< 8.3.1-11.el9_3	frr-8.3.1-11.el9_3.ppc64le.rpm
RedHat	9	ppc64le	frr-debugsource	< 8.3.1-11.el9_3	frr-debugsource-8.3.1-11.el9_3.ppc64le.rpm
RedHat	9	s390x	frr-debugsource	< 8.3.1-11.el9_3	frr-debugsource-8.3.1-11.el9_3.s390x.rpm
RedHat	9	noarch	frr-selinux	< 8.3.1-11.el9_3	frr-selinux-8.3.1-11.el9_3.noarch.rpm
RedHat	9	aarch64	frr-debuginfo	< 8.3.1-11.el9_3	frr-debuginfo-8.3.1-11.el9_3.aarch64.rpm
RedHat	9	x86_64	frr-debuginfo	< 8.3.1-11.el9_3	frr-debuginfo-8.3.1-11.el9_3.x86_64.rpm