[ALSA-2024:2156] Moderate: frr security update
Type: security
Severity: moderate
Release date: 2024-05-07
Description:
FRRouting is free software that manages TCP/IP-based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.

Security Fix(es):

* frr: incorrect length check in bgp_capability_llgr() can lead to DoS (CVE-2023-31489)
* frr: missing length check in bgp_attr_psid_sub() can lead to DoS (CVE-2023-31490)
* frr: processes invalid NLRIs if attribute length is zero (CVE-2023-41358)
* frr: out of bounds read in bgp_attr_aigp_valid (CVE-2023-41359)
* frr: NULL pointer dereference in bgp_nlri_parse_flowspec() in bgpd/bgp_flowspec.c (CVE-2023-41909)
* frr: mishandled malformed data leading to a crash (CVE-2023-46752)
* frr: crafted BGP UPDATE message leading to a crash (CVE-2023-46753)
* frr: ahead-of-stream read of ORF header (CVE-2023-41360)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
| Architecture | Package | Checksum |
|---|---|---|
| aarch64 | frr-8.5.3-4.el9.aarch64.rpm | 8ae42805c1e3c15f40285627c2d240df73ad340a03011b5543965ce75c5bb73d |
| noarch | frr-selinux-8.5.3-4.el9.noarch.rpm | f85f64a1fb71053e0f2877d7703451ebadd7b820fa527fd6d06fe4022eb842c2 |
| ppc64le | frr-8.5.3-4.el9.ppc64le.rpm | 7dedd517a605b03b039339745373208ae8c7bdf83713e47fc5256384b2260d20 |
| s390x | frr-8.5.3-4.el9.s390x.rpm | 0bc0e6fde4df305f69c51a06fd76ed52d2ba355f724a280b01948fa8a1c2047d |
| x86_64 | frr-8.5.3-4.el9.x86_64.rpm | c81c623d5ef6777a3827743681e4885c0e88f856551d630ff6b92cba04253f94 |
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.