Accepted frr 9.1-0.1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 08 Mar 2024 23:21:21 +0100
Source: frr
Architecture: source
Version: 9.1-0.1
Distribution: unstable
Urgency: high
Maintainer: David Lamparter <equinox-debian@diac24.net>
Changed-By: Daniel Baumann <daniel.baumann@progress-linux.org>
Closes: 1042473 1044470 1055852 1065144
Changes:
 frr (9.1-0.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * New upstream release (Closes: #1042473, #1055852):
     - CVE-2023-3748: parsing certain babeld unicast hello messages that are
       intended to be ignored. This issue may allow an attacker to send specially
       crafted hello messages with the unicast flag set, the interval field set
       to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to
       enter an infinite loop and cause a denial of service.
     - CVE-2023-38407: bgpd/bgp_label.c attempts to read beyond the end of the
       stream during labeled unicast parsing.
     - CVE-2023-41361: bgpd/bgp_open.c does not check for an overly large
       length of the rcv software version.
     - CVE-2023-46752: It mishandles malformed MP_REACH_NLRI data, leading to a
       crash.
     - CVE-2023-46753: A crash can occur for a crafted BGP UPDATE message
       without mandatory attributes, e.g., one with only an unknown transit
       attribute.
     - CVE-2023-47234: A crash can occur when processing a crafted BGP UPDATE
       message with a MP_UNREACH_NLRI attribute and additional NLRI data (that
       lacks mandatory path attributes).
     - CVE-2023-47235: A crash can occur when a malformed BGP UPDATE message
       with an EOR is processed, because the presence of EOR does not lead to a
       treat-as-withdraw outcome.
   * Updating patches:
     - removing CVE-2023-38802.patch, included upstream.
     - removing CVE-2023-41358.patch, included upstream.
     - removing CVE-2023-41360.patch, included upstream.
     - removing unapplied CVE-2023-41361.patch, included upstream.
     - adding CVE-2024-27913.patch from upstream:
       ospf_te_parse_te in ospfd/ospf_te.c allows remote attackers to cause a
       denial of service (ospfd daemon crash) via a malformed OSPF LSA packet,
       because of an attempted access to a missing attribute field (Closes:
       #1065144).
   * Updating build-depends:
     - adding now required protobuf-c-compiler to build-depends.
     - adding now required libprotobuf-c-dev to build-depends.
     - adding new libmgmt_be_nb.so to frr.install.
     - removing obsolete lsb-base.
     - preferring new pkgconf over old pkg-config.
   * Updating override_dh_auto_clean to fix FTBFS when built twice in a row
     (Closes: #1044470):
     - call dh_auto_clean which is safe to run now.
     - remove tests/.pytest_cache.
   * Removing obsolete doc-base.
Checksums-Sha1:
 fa8ccd2fbde1dd12bd2b9b75a6b1e73c429a5755 2734 frr_9.1-0.1.dsc
 b96093130eb27fd472e03a7fda3613f080dc6e99 8231024 frr_9.1.orig.tar.xz
 c0d3f1806539be400ea783f3d35f3967a530216d 32564 frr_9.1-0.1.debian.tar.xz
 f84ba762264d886a4458615178dc7c5a16794242 11698 frr_9.1-0.1_amd64.buildinfo
Checksums-Sha256:
 fe61b7fc08e26ed1ed0555e5a41986a8c23a2d0014f048bd62659cfe683a6f86 2734 frr_9.1-0.1.dsc
 da24cc625121f7f215cc2c57dfb491266f7634b0b50422f8911bb0c44e812e60 8231024 frr_9.1.orig.tar.xz
 0f6e95c12ddb133d420eabab1bf5bff2f001edec7473ea3a635887a02b113e24 32564 frr_9.1-0.1.debian.tar.xz
 012b55f3fad830c07c6ddf3a05b96948b31a7e76fc6df42a97812059b28449be 11698 frr_9.1-0.1_amd64.buildinfo
Files:
 5b55fe3b9eb1abc04d1ce0155fc0cbc3 2734 net optional frr_9.1-0.1.dsc
 f87041fcdbcaa3663df69a9425f97876 8231024 net optional frr_9.1.orig.tar.xz
 348a84a902d34edb280f6c83a4ba61db 32564 net optional frr_9.1-0.1.debian.tar.xz
 8e99cdb7bc0b4d41ebe78090d829b0ce 11698 net optional frr_9.1-0.1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
