• [SECURITY] [DSA 5362-1] frr security update

    From Aron Xu@21:1/5 to All on Fri Feb 24 13:50:02 2023
    Hash: SHA256

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5362-1 security@debian.org https://www.debian.org/security/ Aron Xu February 24, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : frr
    CVE ID : CVE-2022-37032
    Debian Bug : 1021016

    An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.

    For the stable distribution (bullseye), this problem has been fixed in
    version 7.5.1-1.1+deb11u1.

    We recommend that you upgrade your frr packages.

    For the detailed security status of frr please refer to
    its security tracker page at:

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

    iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmP4sT8ACgkQO1LKKgqv 2VQO+Af/WZTA1UtOJxH7d0Dd1DFeyvYSt7LXAt0uZxLhhwfWFM9iuxuAJgw+e1bg 6XF2fohXFSIgmGBJ8nN8/h5K+7RMYK4kmwXw4XHfOVKKCt+BD7vfKxz9RmNFeiFI VHUxEdidSI72medZHzC2kgySmRKbtOmLd3WVnVzKn0ShW3AcAILmSdNQgeWcgFl1 A3DkBhTE19dg2GxyFCDy9f7NRbT/MRkJwwTfLiaSQdzoeUS8veHvA/W+s/FIoutu tGDvhgVSptF1pI4W/IdYvLlaqROKyoatgc/SKQS4tFaTJjGVp2dVx/CD76KF2H0C 101NXVDeMww6YBLyKoc/HB+QkQGcyA==
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)