Debian Security Advisory
DSA-5495-1 frr -- security update
- Date Reported:
- 11 Sep 2023
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 1035829, Bug 1036062.
In Mitre's CVE dictionary: CVE-2022-36440, CVE-2022-40302, CVE-2022-40318, CVE-2022-43681, CVE-2023-31490, CVE-2023-38802, CVE-2023-41358.
- More information:
Multiple vulnerabilities were discovered in frr, the FRRouting suite of internet protocols, while processing malformed requests and packets the BGP daemon may have reachable assertions, NULL pointer dereference, out-of-bounds memory access, which may lead to denial of service attack.
For the oldstable distribution (bullseye), these problems have been fixed in version 7.5.1-1.1+deb11u2.
For the stable distribution (bookworm), these problems have been fixed in version 8.4.4-1.1~deb12u1.
We recommend that you upgrade your frr packages.
For the detailed security status of frr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/frr