Ubuntu Security Notice USN-6498-1

Ubuntu Security Notice 6498-1 - It was discovered that FRR incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-6498-1
November 21, 2023

frr vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in FRR.

Software Description:
- frr: FRRouting suite of internet protocols

Details:

It was discovered that FRR incorrectly handled certain BGP messages. A
remote attacker could possibly use this issue to cause FRR to crash,
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   frr                             8.4.4-1.1ubuntu1.2

Ubuntu 23.04:
   frr                             8.4.2-1ubuntu1.6

Ubuntu 22.04 LTS:
   frr                             8.1-1ubuntu1.8

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6498-1
   CVE-2023-38406, CVE-2023-38407, CVE-2023-47234, CVE-2023-47235

Package Information:
   https://launchpad.net/ubuntu/+source/frr/8.4.4-1.1ubuntu1.2
   https://launchpad.net/ubuntu/+source/frr/8.4.2-1ubuntu1.6
   https://launchpad.net/ubuntu/+source/frr/8.1-1ubuntu1.8

Related news

Red Hat Security Advisory 2024-1152-03

Red Hat Security Advisory 2024-1152-03 - An update for frr is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include an out of bounds read vulnerability.

Red Hat Security Advisory 2024-1093-03

Red Hat Security Advisory 2024-1093-03 - An update for frr is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an out of bounds read vulnerability.

CVE-2023-38406: bgpd: Flowspec overflow issue by donaldsharp · Pull Request #12884 · FRRouting/frr

bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."

CVE-2023-38407: bgpd: Fix use beyond end of stream of labeled unicast parsing (backport #12951) by mergify[bot] · Pull Request #12956 · FRRouting/frr

bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.

CVE-2023-47234: bgpd: A couple more bgpd crash fixes for malformed packets by ton31337 · Pull Request #14716 · FRRouting/frr

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).

CVE-2023-47235: bgpd: A couple more bgpd crash fixes for malformed packets by ton31337 · Pull Request #14716 · FRRouting/frr

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
