Public bug reported: Upstream: tbd Debian: 10.1.1-0.1 Ubuntu: 10.0.1-0.1ubuntu2
Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Jammy Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### frr (10.1.1-0.1) unstable; urgency=medium * Non-maintainer upload. * New upstream release. -- Daniel Baumann <[email protected]> Tue, 17 Sep 2024 05:15:20 +0200 frr (10.1-0.2) unstable; urgency=medium * Non-maintainer upload to unstable. -- Daniel Baumann <[email protected]> Wed, 11 Sep 2024 13:57:30 +0200 frr (10.1-0.1) experimental; urgency=medium * Non-maintainer upload. * New upstream release. * Removing add-XREF_SETUP-to-libraries-and-utilites.patch, included upstream. * Adding conditional in rules to fix FTBFS when building without frr-test-tools. -- Daniel Baumann <[email protected]> Mon, 05 Aug 2024 09:11:22 +0200 frr (10.0.1-0.1) unstable; urgency=medium * Non-maintainer upload. * New upstream release: - an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash [CVE-2024-31948] (Closes: #1072126) - an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing [CVE-2024-31949] (Closes: #1072125) - there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated) [CVE-2024-31950] (Closes: #1070377) - there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated) [CVE-2024-31951 (Closes: #1070377) - ospf_te_parse_te in ospfd/ospf_te.c allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field [CVE-2024-27913] - it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service [CVE-2024-34088] (Closes: #1070377) -- Daniel Baumann <[email protected]> Sat, 27 Jul 2024 02:19:29 +0200 frr (10.0-2) unstable; urgency=medium * fix build on hppa * only use libunwind on architectures where it is available * remove /var/lib/frr on purge * drop some ancient dependency alternates -- David Lamparter <[email protected]> Fri, 03 May 2024 14:53:50 +0200 frr (10.0-1) unstable; urgency=medium * IRDP module is no longer packaged (slated to be removed upstream) * added mkdir+chown /var/lib/frr which is now used by FRR * sysconfdir and localstatedir configure args are no longer needed * NB: refer to never-released 8.5.2-1 changes below! * Link libatomic unconditionally (closes: #1067077) * known to not build on hppa due to struct.calcsize python exception -- David Lamparter <[email protected]> Tue, 30 Apr 2024 19:36:44 +0200 frr (10.0-0.2) unstable; urgency=medium * Non-maintainer upload. * Linking with atomic like armel to fix FTBFS. -- Daniel Baumann <[email protected]> Sat, 27 Apr 2024 07:44:24 +0200 frr (10.0-0.1) unstable; urgency=medium * Non-maintainer upload. * New upstream release. * Bumping libyang2 build-depends to required version. * Removing CVE-2024-27913.patch, included upstream. * Adding now explicit configure flag to keep enabled building zebra_irdp. -- Daniel Baumann <[email protected]> Sat, 27 Apr 2024 05:46:52 +0200 frr (9.1-0.1) unstable; urgency=high * Non-maintainer upload. * New upstream release (Closes: #1042473, #1055852): - CVE-2023-3748: parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service. - CVE-2023-38407: bgpd/bgp_label.c attempts to read beyond the end of the stream during labeled unicast parsing. - CVE-2023-41361: bgpd/bgp_open.c does not check for an overly large length of the rcv software version. ### Old Ubuntu Delta ### frr (10.0.1-0.1ubuntu2) oracular; urgency=medium * SECURITY UPDATE: BGP overflow via TLV value - debian/patches/CVE-2024-44070.patch: check the actual remaining stream length before taking TLV value in bgpd/bgp_attr.c. - CVE-2024-44070 -- Marc Deslauriers <[email protected]> Tue, 10 Sep 2024 07:35:31 -0400 frr (10.0.1-0.1ubuntu1) oracular; urgency=medium * Merge with Debian unstable (LP: #2064404). Remaining changes: - Fix logging with Ubuntu's unprivileged rsyslog (LP #1958162): + d/frr.postinst: change log files ownership + d/frr.logrotate: change rotated log file ownership * Dropped security patches included upstream: - SECURITY UPDATE: DoS via MP_REACH_NLRI data + debian/patches/CVE-2023-46752.patch: handle MP_REACH_NLRI malformed packets with session reset in bgpd/bgp_attr.c, bgpd/bgp_attr.h, bgpd/bgp_packet.c. + CVE-2023-46752 - SECURITY UPDATE: DoS via BGP UPDATE without mandatory attributes + debian/patches/CVE-2023-46753.patch: check mandatory attributes more carefully for UPDATE message in bgpd/bgp_attr.c. + CVE-2023-46753 - SECURITY UPDATE: read beyond stream during labeled unicast parsing + debian/patches/CVE-2023-38407.patch: fix use beyond end of stream of labeled unicast parsing in bgpd/bgp_label.c. + CVE-2023-38407 - SECURITY UPDATE: crash via malformed BGP UPDATE message + debian/patches/CVE-2023-47235.patch: treat EOR as withdrawn to avoid unwanted handling of malformed attrs in bgpd/bgp_attr.c. + CVE-2023-47235 - SECURITY UPDATE: crash via MP_UNREACH_NLRI attribute + debian/patches/CVE-2023-47234.patch: ignore handling NLRIs if we received MP_UNREACH_NLRI in bgpd/bgp_attr.c, bgpd/bgp_attr.h, bgpd/bgp_packet.c. + CVE-2023-47234 - SECURITY UPDATE: DoS via malformed OSPF LSA packet + debian/patches/CVE-2024-27913.patch: solved crash in OSPF TE parsing in ospfd/ospf_te.c. + CVE-2024-27913 -- Andreas Hasenack <[email protected]> Mon, 29 Jul 2024 09:49:25 -0300 ** Affects: frr (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-version ** Changed in: frr (Ubuntu) Milestone: None => ubuntu-25.01 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2085232 Title: Merge frr from Debian unstable for jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/frr/+bug/2085232/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
