-
frr (8.1-1ubuntu3.2) kinetic-security; urgency=medium
* SECURITY UPDATE: denial of service via bgp_attr_psid_sub()
- debian/patches/CVE-2023-31490.patch: ensure stream received has
enough data in bgpd/bgp_attr.c.
- CVE-2023-31490
-- Marc Deslauriers <email address hidden> Fri, 02 Jun 2023 13:55:27 -0400
-
frr (8.1-1ubuntu3.1) kinetic; urgency=medium
* d/frr.postinst: don't change log ownership if the syslog user
doesn't exist. Thanks to Alessandro Ratti
<email address hidden> for the fix (LP: #1991812).
-- Andreas Hasenack <email address hidden> Fri, 28 Oct 2022 11:37:23 -0300
-
frr (8.1-1ubuntu3) kinetic; urgency=medium
* SECURITY UPDATE: DoS via out-of-bounds read
- debian/patches/CVE-2022-37032.patch: make sure hdr length is at a
minimum of what is expected in bgpd/bgp_packet.c.
- CVE-2022-37032
* SECURITY UPDATE: use-after-free due to a race condition
- debian/patches/CVE-2022-37035.patch: avoid notify race between io and
main pthreads in bgpd/bgp_io.c, bgpd/bgp_packet.c, bgpd/bgp_packet.h.
- CVE-2022-37035
-- Marc Deslauriers <email address hidden> Wed, 05 Oct 2022 12:31:38 -0400
-
frr (8.1-1ubuntu2) kinetic; urgency=medium
* Fix logging with Ubuntu's unprivileged rsyslog (LP: #1958162):
- d/frr.postinst: change log files ownership
- d/frr.logrotate: change rotated log file ownership
-- Andreas Hasenack <email address hidden> Thu, 09 Jun 2022 12:35:58 -0300
-
frr (8.1-1ubuntu1) jammy; urgency=medium
* SECURITY UPDATE: overflow via input packet length
- debian/patches/CVE-2022-26125.patch: fix router capability TLV
parsing issues in isisd/isis_tlvs.*.
- debian/patches/disable_isisd_fuzz_test.patch: disable fuzz tests as
the security update changed expected results in
tests/isisd/test_fuzz_isis_tlv.py.
- CVE-2022-26125
* SECURITY UPDATE: overflow via use of strdup with binary string
- debian/patches/CVE-2022-26126.patch: use base64 encoding in
isisd/isis_nb_notifications.c, lib/base64.c, lib/base64.h,
lib/subdir.am, lib/yang_wrappers.c, lib/yang_wrappers.h.
- CVE-2022-26126
* SECURITY UPDATE: overflow via missing check on the input packet length
- debian/patches/CVE-2022-26127.patch: add check on packet length in
babeld/message.c.
- CVE-2022-26127
* SECURITY UPDATE: overflow via wrong checks
- debian/patches/CVE-2022-26128_9.patch: fix checks on length in
babeld/message.c.
- CVE-2022-26128
- CVE-2022-26129
-- Marc Deslauriers <email address hidden> Fri, 11 Mar 2022 07:33:41 -0500