[ubuntu/questing-security] frr 10.4.1-3ubuntu1.4 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Jun 3 13:06:38 UTC 2026

frr (10.4.1-3ubuntu1.4) questing-security; urgency=medium

  * SECURITY UPDATE: integer overflow in OSPF parsing
    - debian/patches/CVE-2026-28532.patch: ospfd: harden TE/SR TLV iteration
      against malformed lengths in ospfd/ospf_sr.c, ospfd/ospf_te.c.
    - CVE-2026-28532
  * SECURITY UPDATE: DoS via crafted FlowSpec component
    - debian/patches/CVE-2026-37457.patch: bgpd: fix off-by-one error in
      FlowSpec operator array bounds check in bgpd/bgp_flowspec_util.c.
    - CVE-2026-37457
  * SECURITY UPDATE: DoS via crafted UPDATE message
    - debian/patches/CVE-2026-37458.patch: bgpd: Validate MP_REACH_NLRI
      attribute against incorrect next-hop in bgpd/bgp_attr.c.
    - CVE-2026-37458
  * SECURITY UPDATE: DoS via crafted BGP UPDATE message
    - debian/patches/CVE-2026-37459.patch: bgpd: Check if the NHC length is
      enough to fill TLV value + TLV header in bgpd/bgp_attr.c.
    - CVE-2026-37459

frr (10.4.1-3ubuntu1.3) questing; urgency=medium

  * d/ffr.postinst: reintroduce a check for the syslog user's
    existence before chowning /var/log/frr to it (LP: #1991812).

Date: 2026-05-30 16:14:09.998626+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/frr/10.4.1-3ubuntu1.4