-
frr (8.4.2-1ubuntu1.6) lunar-security; urgency=medium
* SECURITY UPDATE: flowspec overflow issue
- debian/patches/CVE-2023-38406.patch: check length in
bgpd/bgp_flowspec.c.
- CVE-2023-38406
* SECURITY UPDATE: read beyond stream during labeled unicast parsing
- debian/patches/CVE-2023-38407.patch: fix use beyond end of stream of
labeled unicast parsing in bgpd/bgp_label.c.
- CVE-2023-38407
* SECURITY UPDATE: crash via MP_UNREACH_NLRI attribute
- debian/patches/CVE-2023-47234.patch: ignore handling NLRIs if we
received MP_UNREACH_NLRI in bgpd/bgp_attr.c, bgpd/bgp_attr.h,
bgpd/bgp_packet.c.
- CVE-2023-47234
* SECURITY UPDATE: crash via malformed BGP UPDATE message
- debian/patches/CVE-2023-47235.patch: treat EOR as withdrawn to avoid
unwanted handling of malformed attrs in bgpd/bgp_attr.c.
- CVE-2023-47235
-- Marc Deslauriers <email address hidden> Thu, 16 Nov 2023 09:45:05 -0500
-
frr (8.4.2-1ubuntu1.5) lunar-security; urgency=medium
* SECURITY UPDATE: DoS via MP_REACH_NLRI data
- debian/patches/CVE-2023-46752.patch: handle MP_REACH_NLRI malformed
packets with session reset in bgpd/bgp_attr.c, bgpd/bgp_attr.h,
bgpd/bgp_packet.c.
- CVE-2023-46752
* SECURITY UPDATE: DoS via BGP UPDATE without mandatory attributes
- debian/patches/CVE-2023-46753.patch: check mandatory attributes more
carefully for UPDATE message in bgpd/bgp_attr.c.
- CVE-2023-46753
-- Marc Deslauriers <email address hidden> Wed, 01 Nov 2023 14:27:47 -0400
-
frr (8.4.2-1ubuntu1.4) lunar-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2023-41358.patch: Do not process NLRIs if the
attribute length is zero
- debian/patches/CVE-2023-41360.patch: Don't read the first byte of ORF
header if we are ahead of stream
- CVE-2023-41358
- CVE-2023-41360
* SECURITY UPDATE: Null pointer dereference
- debian/patches/CVE-2023-41909.patch: Limit flowspec to no attribute
means a implicit withdrawal
- CVE-2023-41909
-- Nishit Majithia <email address hidden> Mon, 16 Oct 2023 12:27:34 +0530
-
frr (8.4.2-1ubuntu1.3) lunar-security; urgency=medium
* SECURITY UPDATE: a BGP route attribute, tunnel encapsulation, can
be corrupted and cause denial of service
- debian/patches/CVE-2023-38802.patch: use treat-as-withdraw for
tunnel encapsulation attribute
- CVE-2023-31490
-- Mark Esler <email address hidden> Wed, 30 Aug 2023 10:33:16 -0500
-
frr (8.4.2-1ubuntu1.2) lunar-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2023-3748.patch: replacing continue in loops
to goto done in bebeld/message.c.
- CVE-2023-3748
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 20 Jul 2023 12:55:46 -0300
-
frr (8.4.2-1ubuntu1.1) lunar-security; urgency=medium
* SECURITY UPDATE: denial of service via bgp_capability_llgr()
- debian/patches/CVE-2023-31489.patch: check 7 bytes for Long-lived
Graceful-Restart capability in bgpd/bgp_open.c.
- CVE-2023-31489
* SECURITY UPDATE: denial of service via bgp_attr_psid_sub()
- debian/patches/CVE-2023-31490.patch: ensure stream received has
enough data in bgpd/bgp_attr.c.
- CVE-2023-31490
-- Marc Deslauriers <email address hidden> Fri, 02 Jun 2023 13:14:57 -0400
-
frr (8.4.2-1ubuntu1) lunar; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Fix logging with Ubuntu's unprivileged rsyslog (LP #1958162):
+ d/frr.postinst: change log files ownership
+ d/frr.logrotate: change rotated log file ownership
-- Andreas Hasenack <email address hidden> Sun, 29 Jan 2023 15:28:40 -0300
-
frr (8.4.1-2ubuntu1) lunar; urgency=medium
* Merge with Debian unstable (LP: #1993401). Remaining changes:
- Fix logging with Ubuntu's unprivileged rsyslog (LP #1958162):
+ d/frr.postinst: change log files ownership
+ d/frr.logrotate: change rotated log file ownership
* Dropped (fixed upstream):
- SECURITY UPDATE: overflow via input packet length
+ debian/patches/CVE-2022-26125.patch: fix router capability TLV
parsing issues in isisd/isis_tlvs.*.
+ debian/patches/disable_isisd_fuzz_test.patch: disable fuzz tests as
the security update changed expected results in
tests/isisd/test_fuzz_isis_tlv.py.
+ CVE-2022-26125
- SECURITY UPDATE: overflow via use of strdup with binary string
+ debian/patches/CVE-2022-26126.patch: use base64 encoding in
isisd/isis_nb_notifications.c, lib/base64.c, lib/base64.h,
lib/subdir.am, lib/yang_wrappers.c, lib/yang_wrappers.h.
+ CVE-2022-26126
- SECURITY UPDATE: overflow via missing check on the input packet length
+ debian/patches/CVE-2022-26127.patch: add check on packet length in
babeld/message.c.
+ CVE-2022-2612
- SECURITY UPDATE: overflow via wrong checks
+ debian/patches/CVE-2022-26128_9.patch: fix checks on length in
babeld/message.c.
+ CVE-2022-26128
+ CVE-2022-26129
- SECURITY UPDATE: DoS via out-of-bounds read
+ debian/patches/CVE-2022-37032.patch: make sure hdr length is at a
minimum of what is expected in bgpd/bgp_packet.c.
+ CVE-2022-37032
- SECURITY UPDATE: use-after-free due to a race condition
+ debian/patches/CVE-2022-37035.patch: avoid notify race between io and
main pthreads in bgpd/bgp_io.c, bgpd/bgp_packet.c, bgpd/bgp_packet.h.
+ CVE-2022-37035
-- Andreas Hasenack <email address hidden> Sun, 08 Jan 2023 17:57:05 -0300
-
frr (8.1-1ubuntu4) lunar; urgency=medium
* d/frr.postinst: don't change log ownership if the syslog user
doesn't exist. Thanks to Alessandro Ratti
<email address hidden> for the fix (LP: #1991812).
-- Andreas Hasenack <email address hidden> Fri, 28 Oct 2022 11:35:27 -0300
-
frr (8.1-1ubuntu3) kinetic; urgency=medium
* SECURITY UPDATE: DoS via out-of-bounds read
- debian/patches/CVE-2022-37032.patch: make sure hdr length is at a
minimum of what is expected in bgpd/bgp_packet.c.
- CVE-2022-37032
* SECURITY UPDATE: use-after-free due to a race condition
- debian/patches/CVE-2022-37035.patch: avoid notify race between io and
main pthreads in bgpd/bgp_io.c, bgpd/bgp_packet.c, bgpd/bgp_packet.h.
- CVE-2022-37035
-- Marc Deslauriers <email address hidden> Wed, 05 Oct 2022 12:31:38 -0400
