Red Hat Product Errata RHSA-2024:0574 - Security Advisory
Issued:
2024-01-30
Updated:
2024-01-30

RHSA-2024:0574 - Security Advisory

Synopsis

Moderate: frr security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for frr is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.

Security Fix(es):

  • ffr: Flowspec overflow in bgpd/bgp_flowspec.c (CVE-2023-38406)
  • ffr: Out of bounds read in bgpd/bgp_label.c (CVE-2023-38407)
  • frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message (CVE-2023-47234)
  • frr: crash from malformed EOR-containing BGP UPDATE message (CVE-2023-47235)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2248207 - CVE-2023-47235 frr: crash from malformed EOR-containing BGP UPDATE message
  • BZ - 2248208 - CVE-2023-47234 frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message
  • BZ - 2248526 - CVE-2023-38406 ffr: Flowspec overflow in bgpd/bgp_flowspec.c
  • BZ - 2248528 - CVE-2023-38407 ffr: Out of bounds read in bgpd/bgp_label.c

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
frr-7.5.1-7.el8_8.5.src.rpm SHA-256: bcf97155e0c1fe682e644d7128e4b5e8ddf29b94edb577dc3fc9929499733c76
x86_64
frr-7.5.1-7.el8_8.5.x86_64.rpm SHA-256: 4723b93d7a8476c99a9cbded2121728339e935cd7aba65effe6f80d3188aa9aa
frr-debuginfo-7.5.1-7.el8_8.5.x86_64.rpm SHA-256: 0eb620562783253d86f512409b01c4b4aaad2c6a5b8ab30acce0fc52bc95a046
frr-debugsource-7.5.1-7.el8_8.5.x86_64.rpm SHA-256: cc46f48123fbb4b3e896d1023936a0a5c0663c54d08c821b97bd94ae64ecd2f6
frr-selinux-7.5.1-7.el8_8.5.noarch.rpm SHA-256: bd1620ef14b242aed9b86d019fe8193c751426f58dba867a9b11f4488892da97

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
frr-7.5.1-7.el8_8.5.src.rpm SHA-256: bcf97155e0c1fe682e644d7128e4b5e8ddf29b94edb577dc3fc9929499733c76
s390x
frr-7.5.1-7.el8_8.5.s390x.rpm SHA-256: c06924a8e70f9e3c8768f113432a302480893cff6be5ad4f99bc11037dfe71ff
frr-debuginfo-7.5.1-7.el8_8.5.s390x.rpm SHA-256: 70a490613b34bcc8df97ebaa34f560cd932b57a7ff8cb5aef8d2b800d3317399
frr-debugsource-7.5.1-7.el8_8.5.s390x.rpm SHA-256: d27e8791e0f839abf4854d0cfd55d9eb6cf372d85a83431f10d8c99e339c1958
frr-selinux-7.5.1-7.el8_8.5.noarch.rpm SHA-256: bd1620ef14b242aed9b86d019fe8193c751426f58dba867a9b11f4488892da97

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
frr-7.5.1-7.el8_8.5.src.rpm SHA-256: bcf97155e0c1fe682e644d7128e4b5e8ddf29b94edb577dc3fc9929499733c76
ppc64le
frr-7.5.1-7.el8_8.5.ppc64le.rpm SHA-256: d8efcc13952a7fd3723cc6153d8dd44cd3e7385440b5c70c705405fb61966077
frr-debuginfo-7.5.1-7.el8_8.5.ppc64le.rpm SHA-256: d11aff0a6ed1be101491d1aa2cb0a9bf65650c74666e6b24dde1bfd9df926bc8
frr-debugsource-7.5.1-7.el8_8.5.ppc64le.rpm SHA-256: afc0af753b5877c893d289c9b6a32f76d19b48269ce10b549af2bdce90de1240
frr-selinux-7.5.1-7.el8_8.5.noarch.rpm SHA-256: bd1620ef14b242aed9b86d019fe8193c751426f58dba867a9b11f4488892da97

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
frr-7.5.1-7.el8_8.5.src.rpm SHA-256: bcf97155e0c1fe682e644d7128e4b5e8ddf29b94edb577dc3fc9929499733c76
x86_64
frr-7.5.1-7.el8_8.5.x86_64.rpm SHA-256: 4723b93d7a8476c99a9cbded2121728339e935cd7aba65effe6f80d3188aa9aa
frr-debuginfo-7.5.1-7.el8_8.5.x86_64.rpm SHA-256: 0eb620562783253d86f512409b01c4b4aaad2c6a5b8ab30acce0fc52bc95a046
frr-debugsource-7.5.1-7.el8_8.5.x86_64.rpm SHA-256: cc46f48123fbb4b3e896d1023936a0a5c0663c54d08c821b97bd94ae64ecd2f6
frr-selinux-7.5.1-7.el8_8.5.noarch.rpm SHA-256: bd1620ef14b242aed9b86d019fe8193c751426f58dba867a9b11f4488892da97

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
frr-7.5.1-7.el8_8.5.src.rpm SHA-256: bcf97155e0c1fe682e644d7128e4b5e8ddf29b94edb577dc3fc9929499733c76
aarch64
frr-7.5.1-7.el8_8.5.aarch64.rpm SHA-256: 8431091b99c2399ad354818c3c13268c1cb07b39318ab6545f39aa86652d79b2
frr-debuginfo-7.5.1-7.el8_8.5.aarch64.rpm SHA-256: a7f90e21bbb82d7100a55a647a8e40995e77294e1ed510b8addc0e44fcf55802
frr-debugsource-7.5.1-7.el8_8.5.aarch64.rpm SHA-256: 3cd92143618da51ea58ed23182f5e443288d72440f49cf4384ec1229c4d5d9b6
frr-selinux-7.5.1-7.el8_8.5.noarch.rpm SHA-256: bd1620ef14b242aed9b86d019fe8193c751426f58dba867a9b11f4488892da97

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
frr-7.5.1-7.el8_8.5.src.rpm SHA-256: bcf97155e0c1fe682e644d7128e4b5e8ddf29b94edb577dc3fc9929499733c76
ppc64le
frr-7.5.1-7.el8_8.5.ppc64le.rpm SHA-256: d8efcc13952a7fd3723cc6153d8dd44cd3e7385440b5c70c705405fb61966077
frr-debuginfo-7.5.1-7.el8_8.5.ppc64le.rpm SHA-256: d11aff0a6ed1be101491d1aa2cb0a9bf65650c74666e6b24dde1bfd9df926bc8
frr-debugsource-7.5.1-7.el8_8.5.ppc64le.rpm SHA-256: afc0af753b5877c893d289c9b6a32f76d19b48269ce10b549af2bdce90de1240
frr-selinux-7.5.1-7.el8_8.5.noarch.rpm SHA-256: bd1620ef14b242aed9b86d019fe8193c751426f58dba867a9b11f4488892da97

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
frr-7.5.1-7.el8_8.5.src.rpm SHA-256: bcf97155e0c1fe682e644d7128e4b5e8ddf29b94edb577dc3fc9929499733c76
x86_64
frr-7.5.1-7.el8_8.5.x86_64.rpm SHA-256: 4723b93d7a8476c99a9cbded2121728339e935cd7aba65effe6f80d3188aa9aa
frr-debuginfo-7.5.1-7.el8_8.5.x86_64.rpm SHA-256: 0eb620562783253d86f512409b01c4b4aaad2c6a5b8ab30acce0fc52bc95a046
frr-debugsource-7.5.1-7.el8_8.5.x86_64.rpm SHA-256: cc46f48123fbb4b3e896d1023936a0a5c0663c54d08c821b97bd94ae64ecd2f6
frr-selinux-7.5.1-7.el8_8.5.noarch.rpm SHA-256: bd1620ef14b242aed9b86d019fe8193c751426f58dba867a9b11f4488892da97

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.