frr-8.3.1-5.el9.ML.1

エラータID: AXSA:2023-5523:02

Release date: 
Thursday, May 25, 2023 - 03:00
Subject: 
frr-8.3.1-5.el9.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.

The following packages have been upgraded to a later upstream version: frr (8.3.1). (BZ#2129731)

Security Fix(es):

* frr: out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service (CVE-2022-37032)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.2 Release Notes linked from the References section.

CVE-2022-37032
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.

Solution: 

Update packages.

CVEs: 
CVE-2022-37032
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.
Additional Info: 

N/A

Download: 

SRPMS
  1. frr-8.3.1-5.el9.ML.1.src.rpm
    MD5: 126c416553390fed74564e0158723eb7
    SHA-256: 3d0a38f2e0647eece2fd1241460371c4b387f6721c6ffc84ee204b8f4d8078dd
    Size: 9.05 MB

Asianux Server 9 for x86_64
  1. frr-8.3.1-5.el9.ML.1.x86_64.rpm
    MD5: 32ba7a7352cf03f3ed39bdcac51d72c1
    SHA-256: ec8e6031d5650ac9a947025bc9a7bacdd89250c98ecd3e4f358cac0434182f1e
    Size: 4.46 MB
  2. frr-selinux-8.3.1-5.el9.ML.1.noarch.rpm
    MD5: de39faf00c17ee247bf91c7555ba73a4
    SHA-256: 58772e8023a7639fcb36779f26d4c46412a23f3cb92b69fca0b118f4b89eb37d
    Size: 23.10 kB