[ubuntu/jammy-proposed] frr 8.1-1ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Fri Mar 11 18:41:13 UTC 2022
frr (8.1-1ubuntu1) jammy; urgency=medium
* SECURITY UPDATE: overflow via input packet length
- debian/patches/CVE-2022-26125.patch: fix router capability TLV
parsing issues in isisd/isis_tlvs.*.
- debian/patches/disable_isisd_fuzz_test.patch: disable fuzz tests as
the security update changed expected results in
tests/isisd/test_fuzz_isis_tlv.py.
- CVE-2022-26125
* SECURITY UPDATE: overflow via use of strdup with binary string
- debian/patches/CVE-2022-26126.patch: use base64 encoding in
isisd/isis_nb_notifications.c, lib/base64.c, lib/base64.h,
lib/subdir.am, lib/yang_wrappers.c, lib/yang_wrappers.h.
- CVE-2022-26126
* SECURITY UPDATE: overflow via missing check on the input packet length
- debian/patches/CVE-2022-26127.patch: add check on packet length in
babeld/message.c.
- CVE-2022-26127
* SECURITY UPDATE: overflow via wrong checks
- debian/patches/CVE-2022-26128_9.patch: fix checks on length in
babeld/message.c.
- CVE-2022-26128
- CVE-2022-26129
Date: Fri, 11 Mar 2022 07:33:41 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/frr/8.1-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 11 Mar 2022 07:33:41 -0500
Source: frr
Built-For-Profiles: noudeb
Architecture: source
Version: 8.1-1ubuntu1
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
frr (8.1-1ubuntu1) jammy; urgency=medium
.
* SECURITY UPDATE: overflow via input packet length
- debian/patches/CVE-2022-26125.patch: fix router capability TLV
parsing issues in isisd/isis_tlvs.*.
- debian/patches/disable_isisd_fuzz_test.patch: disable fuzz tests as
the security update changed expected results in
tests/isisd/test_fuzz_isis_tlv.py.
- CVE-2022-26125
* SECURITY UPDATE: overflow via use of strdup with binary string
- debian/patches/CVE-2022-26126.patch: use base64 encoding in
isisd/isis_nb_notifications.c, lib/base64.c, lib/base64.h,
lib/subdir.am, lib/yang_wrappers.c, lib/yang_wrappers.h.
- CVE-2022-26126
* SECURITY UPDATE: overflow via missing check on the input packet length
- debian/patches/CVE-2022-26127.patch: add check on packet length in
babeld/message.c.
- CVE-2022-26127
* SECURITY UPDATE: overflow via wrong checks
- debian/patches/CVE-2022-26128_9.patch: fix checks on length in
babeld/message.c.
- CVE-2022-26128
- CVE-2022-26129
Checksums-Sha1:
d085826028ec0e4f8d8a615d35171bcc83ba647c 2717 frr_8.1-1ubuntu1.dsc
2a0eb732b13b5bc5da07dbdb6919ac2d3aafd2f4 36136 frr_8.1-1ubuntu1.debian.tar.xz
caf1708f2cec33bc8734c1cd8e22991563a43154 9827 frr_8.1-1ubuntu1_source.buildinfo
Checksums-Sha256:
79c526a0c615ef52b8c3e0085cafa224b2d7d8d3b5b286549905cc2c476e8315 2717 frr_8.1-1ubuntu1.dsc
f180ba3ed4977dc49bd3fec3e5bceeeeca3f412afa8b3dfeffcca02ab883ce46 36136 frr_8.1-1ubuntu1.debian.tar.xz
374988d8c73a2f9e35b2fd5b79b653a91cb41d1a8d2719cf8f876b0f01407b67 9827 frr_8.1-1ubuntu1_source.buildinfo
Files:
d2db608c56abbd830e7686f0c5400753 2717 net optional frr_8.1-1ubuntu1.dsc
c8b15e0a1655d003e3815afcf8dbdab3 36136 net optional frr_8.1-1ubuntu1.debian.tar.xz
60ce968eb62c363d0aa5a757b5981454 9827 net optional frr_8.1-1ubuntu1_source.buildinfo
Original-Maintainer: David Lamparter <equinox-debian at diac24.net>
More information about the jammy-changes
mailing list