RedHatRHSA-2024:2981(RHSA-2024:2981) Moderate: frr security update
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
Security Fix(es):
-
frr: missing length check in bgp_attr_psid_sub() can lead do DoS (CVE-2023-31490)
-
frr: processes invalid NLRIs if attribute length is zero (CVE-2023-41358)
-
frr: NULL pointer dereference in bgp_nlri_parse_flowspec() in bgpd/bgp_flowspec.c (CVE-2023-41909)
-
frr: mishandled malformed data leading to a crash (CVE-2023-46752)
-
frr: crafted BGP UPDATE message leading to a crash (CVE-2023-46753)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 8 | s390x | frr-debugsource | < 7.5.1-22.el8 | frr-debugsource-7.5.1-22.el8.s390x.rpm |
| RedHat | 8 | s390x | frr-debuginfo | < 7.5.1-22.el8 | frr-debuginfo-7.5.1-22.el8.s390x.rpm |
| RedHat | 8 | x86_64 | frr | < 7.5.1-22.el8 | frr-7.5.1-22.el8.x86_64.rpm |
| RedHat | 8 | ppc64le | frr-debuginfo | < 7.5.1-22.el8 | frr-debuginfo-7.5.1-22.el8.ppc64le.rpm |
| RedHat | 8 | aarch64 | frr-debuginfo | < 7.5.1-22.el8 | frr-debuginfo-7.5.1-22.el8.aarch64.rpm |
| RedHat | 8 | ppc64le | frr-debugsource | < 7.5.1-22.el8 | frr-debugsource-7.5.1-22.el8.ppc64le.rpm |
| RedHat | 8 | x86_64 | frr-debuginfo | < 7.5.1-22.el8 | frr-debuginfo-7.5.1-22.el8.x86_64.rpm |
| RedHat | 8 | aarch64 | frr-debugsource | < 7.5.1-22.el8 | frr-debugsource-7.5.1-22.el8.aarch64.rpm |
| RedHat | 8 | ppc64le | frr | < 7.5.1-22.el8 | frr-7.5.1-22.el8.ppc64le.rpm |
| RedHat | 8 | s390x | frr | < 7.5.1-22.el8 | frr-7.5.1-22.el8.s390x.rpm |
Related
