USN-6807-1: FRR vulnerabilities
5 June 2024
FRR could be made to crash or run programs if it received specially crafted network traffic.
Releases
Packages
- frr - FRRouting suite of internet protocols
Details
It was discovered that FRR incorrectly handled certain network traffic.
A remote attacker could possibly use this issue to cause FRR to crash,
resulting in a denial of service. (CVE-2022-26126, CVE-2022-26127,
CVE-2022-26128, CVE-2022-26129, CVE-2022-37032, CVE-2022-37035,
CVE-2023-31490, CVE-2023-38406, CVE-2023-38407, CVE-2023-46752,
CVE-2023-46753, CVE-2023-47234, CVE-2023-47235, CVE-2024-31948)
Ben Cartwright-Cox discovered that FRR incorrectly handled certain
network traffic. A remote attacker could possibly use this issue to cause
FRR to crash, resulting in a denial of service. (CVE-2023-38802)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
-
frr
-
7.2.1-1ubuntu0.2+esm2
Available with Ubuntu Pro
After a standard system update you need to restart FRR to make
all the necessary changes.