Headline
RHSA-2023:2202: Red Hat Security Advisory: frr security, bug fix, and enhancement update
An update for frr is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-37032: A vulnerability was found in FRRouting. This issue occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. An out-of-bounds read in the BGP daemon may lead to a segmentation fault and a denial of service.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-05-09
Updated:
2023-05-09
RHSA-2023:2202 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: frr security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for frr is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
The following packages have been upgraded to a later upstream version: frr (8.3.1). (BZ#2129731)
Security Fix(es):
- frr: out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service (CVE-2022-37032)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2127494 - BGP incorrectly withdraws routes on graceful restart capable routers
- BZ - 2128713 - CVE-2022-37032 frr: out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service
- BZ - 2129731 - [RFE] Rebase FRR to the latest version
- BZ - 2129743 - [RFE] Add targeted SELinux policy for FRR
- BZ - 2144500 - AVC error when reloading FRR with provided reload script
- BZ - 2147522 - It is not possible to run FRR as a non-root user
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
frr-8.3.1-5.el9.src.rpm
SHA-256: 9a5c400a911c24db5ddd7d824bf6439621d8e3e2a196b182cdf6fc4def071974
x86_64
frr-8.3.1-5.el9.x86_64.rpm
SHA-256: dc0e43f122bc0f4fe7c0c158ccf2ca0090502961b9d4e9dd6086ce8af6eb9df4
frr-debuginfo-8.3.1-5.el9.x86_64.rpm
SHA-256: 8ed48be0cdad3e8ab58c9bdb2e40d9b0230ef7bac0ff04292cb908a0539f1ede
frr-debugsource-8.3.1-5.el9.x86_64.rpm
SHA-256: add6df1f65e3f56f00dfebe5a8d3bd2f30d71fb6ca41cb7ca40279d35c850744
frr-selinux-8.3.1-5.el9.noarch.rpm
SHA-256: 1c2e9a7cb640fe0e13302b930290c3de0825cfbcdcc371ec9c711830ea08cdbe
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
frr-8.3.1-5.el9.src.rpm
SHA-256: 9a5c400a911c24db5ddd7d824bf6439621d8e3e2a196b182cdf6fc4def071974
s390x
frr-8.3.1-5.el9.s390x.rpm
SHA-256: 4b011c2fd5d4340299f6ae157c89efa704fba57b6fe3bd0a4d8dedaf24ce0fef
frr-debuginfo-8.3.1-5.el9.s390x.rpm
SHA-256: 02d17c6805268dbeefaa58e7c0772c44eb46cd847ac0dabf047775301c827ffe
frr-debugsource-8.3.1-5.el9.s390x.rpm
SHA-256: 132eb0490d999e1c40e6159d50b9d9085889bc0a032bec8642dc86e1ae7191ad
frr-selinux-8.3.1-5.el9.noarch.rpm
SHA-256: 1c2e9a7cb640fe0e13302b930290c3de0825cfbcdcc371ec9c711830ea08cdbe
Red Hat Enterprise Linux for Power, little endian 9
SRPM
frr-8.3.1-5.el9.src.rpm
SHA-256: 9a5c400a911c24db5ddd7d824bf6439621d8e3e2a196b182cdf6fc4def071974
ppc64le
frr-8.3.1-5.el9.ppc64le.rpm
SHA-256: 3a56b91c377a21afb58d683238656ad5afe96949d0ab599b53986cdb1a8811b7
frr-debuginfo-8.3.1-5.el9.ppc64le.rpm
SHA-256: f700c887583748ad02a3530ceca23ad10b010fcd296165c99f72cad09d5796df
frr-debugsource-8.3.1-5.el9.ppc64le.rpm
SHA-256: ed3589425db34db63d2e5c7101ad23bd594eb18593b6228429e90b7733cb6e39
frr-selinux-8.3.1-5.el9.noarch.rpm
SHA-256: 1c2e9a7cb640fe0e13302b930290c3de0825cfbcdcc371ec9c711830ea08cdbe
Red Hat Enterprise Linux for ARM 64 9
SRPM
frr-8.3.1-5.el9.src.rpm
SHA-256: 9a5c400a911c24db5ddd7d824bf6439621d8e3e2a196b182cdf6fc4def071974
aarch64
frr-8.3.1-5.el9.aarch64.rpm
SHA-256: a5db7a0f4d0e74dd533f382c3167927a153da218a5b08e9d80f2405ac51977dc
frr-debuginfo-8.3.1-5.el9.aarch64.rpm
SHA-256: 0018e5dd13dacc0df03bbd18489bfbcab22e9292f14f178cf0f25faab437b38a
frr-debugsource-8.3.1-5.el9.aarch64.rpm
SHA-256: 3b730c6cf708a70f4834ab76f2e0827d9a6deecfdae39b900bcf31d10fb19d1e
frr-selinux-8.3.1-5.el9.noarch.rpm
SHA-256: 1c2e9a7cb640fe0e13302b930290c3de0825cfbcdcc371ec9c711830ea08cdbe
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 6482-1 - It was discovered that Quagga incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service.
An update for frr is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-37032: A vulnerability was found in FRRouting. This issue occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. An out-of-bounds read in the BGP daemon may lead to a segmentation fault and a denial of service.
Debian Linux Security Advisory 5362-1 - An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.
Ubuntu Security Notice 5685-1 - It was discovered that FRR incorrectly handled parsing certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. It was discovered that FRR incorrectly handled processing certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service, obtain sensitive information, or execute arbitrary code.
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.