-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------- Debian Security Advisory DSA-5495-1 security@debian.org https://www.debian.org/security/ Aron Xu September 11, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : frr
CVE ID : CVE-2022-36440 CVE-2022-40302 CVE-2022-40318 CVE-2022-43681
CVE-2023-31490 CVE-2023-38802 CVE-2023-41358
Debian Bug : 1035829 1036062

Brief introduction

Multiple vulnerbilities were discovered in frr, the FRRouting suite of
internet protocols, while processing malformed requests and packets the BGP daemon may have reachable assertions, NULL pointer dereference, out-of-bounds memory access, which may lead to denial of service attack.

For the oldstable distribution (bullseye), these problems have been fixed
in version 7.5.1-1.1+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in version 8.4.4-1.1~deb12u1.

We recommend that you upgrade your frr packages.

For the detailed security status of frr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/frr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmT+vCQACgkQO1LKKgqv 2VTdlwf9Ez2k1hBPYWNge7Izunc6ovIAEeDkSLjAFYU/sEn8ehb2KQAvU27AxtxD 0sYhV1XFD0y8gqQIngSgpVD+XKvclPTihS8h48Yx+C3M2e1ce5SnDytvM4AZ9w7f maHvbysQL1QrKB4TyIr3jnikcMIWgwyzaRTmIpqryFabO44SSSe+Ysn8Mvdbh3p5 Zzb9Udm/5iZWybYVO4aO0fndrq8TnfNe9uJCKd6MjUR/0Byppzmzt5lUm8PoW4wu xIgwpy9hXXCUD/ttQztKeK2FScQbz1xSNz6RdomyzDK+dVZ+BnihPUNWECweH9UA m8laSkRR1QzCOEjVGB6pcIge0IKl/w==
=t+W8
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)