Debian Security Advisory

DSA-5495-1 frr -- security update

Date Reported:
11 Sep 2023
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 1035829, Bug 1036062.
In Mitre's CVE dictionary: CVE-2022-36440, CVE-2022-40302, CVE-2022-40318, CVE-2022-43681, CVE-2023-31490, CVE-2023-38802, CVE-2023-41358.
More information:

Multiple vulnerabilities were discovered in frr, the FRRouting suite of internet protocols, while processing malformed requests and packets the BGP daemon may have reachable assertions, NULL pointer dereference, out-of-bounds memory access, which may lead to denial of service attack.

For the oldstable distribution (bullseye), these problems have been fixed in version 7.5.1-1.1+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in version 8.4.4-1.1~deb12u1.

We recommend that you upgrade your frr packages.

For the detailed security status of frr please refer to its security tracker page at: