Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5495-1] frr security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5495-1] frr security update


Chronologisch Thread  
  • From: Aron Xu <aron AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5495-1] frr security update
  • Date: Mon, 11 Sep 2023 07:14:35 +0000
  • Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/E1qfb7z-009SaL-9r AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=b7SVOavYlFI6NNGL/sGWCRuje6M70e5QyocNHxU0gMo=; b=jW L7qV0s0t89fHjzFXOLC1Z6j7ly2OwQ51ioO/ZIWiBVHHSc9Ftp7xRoI+UIU2tcEqutlu5QBOeaOyb YgCPOpJZYgo7iCWWovHSWaykuObaIfFDf/jY9XnL2uqO69AwY2szenyXa//LDgcB9F2hw4MDrAxN+ SOBnoYVXdyOgs7+9cC5iD478004JjTMUyKjUuJBQ4hneaw3wRzu/uVNfgmtL+m+5sNkQyovkUVeZa FFXnjFb2xtLEic2be+3QTs8QFAvdltcv3uqO9BfFTINUFJPM+PLtvH0ONMBZX2FNouVd9Ngf8SPxW BCmlGofaS3SpxBGlqk+5nd5HhaOsZSHw==;
  • Old-return-path: <aron AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Mon, 11 Sep 2023 07:15:03 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <y4YXolNjZnE.A.mHH.35r_kB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5495-1 security AT debian.org
https://www.debian.org/security/ Aron Xu
September 11, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : frr
CVE ID : CVE-2022-36440 CVE-2022-40302 CVE-2022-40318 CVE-2022-43681
CVE-2023-31490 CVE-2023-38802 CVE-2023-41358
Debian Bug : 1035829 1036062

Brief introduction

Multiple vulnerbilities were discovered in frr, the FRRouting suite of
internet protocols, while processing malformed requests and packets the BGP
daemon may have reachable assertions, NULL pointer dereference, out-of-bounds
memory access, which may lead to denial of service attack.

For the oldstable distribution (bullseye), these problems have been fixed
in version 7.5.1-1.1+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in
version 8.4.4-1.1~deb12u1.

We recommend that you upgrade your frr packages.

For the detailed security status of frr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/frr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmT+vCQACgkQO1LKKgqv
2VTdlwf9Ez2k1hBPYWNge7Izunc6ovIAEeDkSLjAFYU/sEn8ehb2KQAvU27AxtxD
0sYhV1XFD0y8gqQIngSgpVD+XKvclPTihS8h48Yx+C3M2e1ce5SnDytvM4AZ9w7f
maHvbysQL1QrKB4TyIr3jnikcMIWgwyzaRTmIpqryFabO44SSSe+Ysn8Mvdbh3p5
Zzb9Udm/5iZWybYVO4aO0fndrq8TnfNe9uJCKd6MjUR/0Byppzmzt5lUm8PoW4wu
xIgwpy9hXXCUD/ttQztKeK2FScQbz1xSNz6RdomyzDK+dVZ+BnihPUNWECweH9UA
m8laSkRR1QzCOEjVGB6pcIge0IKl/w==
=t+W8
-----END PGP SIGNATURE-----



  • [IT-SecNots] [SECURITY] [DSA 5495-1] frr security update, Aron Xu, 11.09.2023

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang