[ubuntu/noble-proposed] frr 8.4.4-1.1ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Nov 15 15:09:13 UTC 2023


frr (8.4.4-1.1ubuntu2) noble; urgency=medium

  * SECURITY UPDATE: DoS via MP_REACH_NLRI data
    - debian/patches/CVE-2023-46752.patch: handle MP_REACH_NLRI malformed
      packets with session reset in bgpd/bgp_attr.c, bgpd/bgp_attr.h,
      bgpd/bgp_packet.c.
    - CVE-2023-46752
  * SECURITY UPDATE: DoS via BGP UPDATE without mandatory attributes
    - debian/patches/CVE-2023-46753.patch: check mandatory attributes more
      carefully for UPDATE message in bgpd/bgp_attr.c.
    - CVE-2023-46753

Date: Wed, 01 Nov 2023 14:12:59 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/frr/8.4.4-1.1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Wed, 01 Nov 2023 14:12:59 -0400
Source: frr
Built-For-Profiles: noudeb
Architecture: source
Version: 8.4.4-1.1ubuntu2
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Original-Maintainer: David Lamparter <equinox-debian at diac24.net>

