Red Hat Product Errata RHSA-2024:2156 - Security Advisory
Issued:
2024-04-30
Updated:
2024-04-30

RHSA-2024:2156 - Security Advisory

Synopsis

Moderate: frr security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for frr is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.

Security Fix(es):

  • frr: incorrect length check in bgp_capability_llgr() can lead do DoS (CVE-2023-31489)
  • frr: missing length check in bgp_attr_psid_sub() can lead do DoS (CVE-2023-31490)
  • frr: processes invalid NLRIs if attribute length is zero (CVE-2023-41358)
  • frr: out of bounds read in bgp_attr_aigp_valid (CVE-2023-41359)
  • frr: NULL pointer dereference in bgp_nlri_parse_flowspec() in bgpd/bgp_flowspec.c (CVE-2023-41909)
  • frr: mishandled malformed data leading to a crash (CVE-2023-46752)
  • frr: crafted BGP UPDATE message leading to a crash (CVE-2023-46753)
  • frr: ahead-of-stream read of ORF header (CVE-2023-41360)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

  • BZ - 2235839 - CVE-2023-41358 frr: processes invalid NLRIs if attribute length is zero
  • BZ - 2235840 - CVE-2023-41359 frr: out of bounds read in bgp_attr_aigp_valid
  • BZ - 2235842 - CVE-2023-41360 frr: ahead-of-stream read of ORF header
  • BZ - 2237416 - CVE-2023-41909 frr: NULL pointer dereference in bgp_nlri_parse_flowspec() in bgpd/bgp_flowspec.c
  • BZ - 2238990 - CVE-2023-31489 frr: incorrect length check in bgp_capability_llgr() can lead do DoS
  • BZ - 2238992 - CVE-2023-31490 frr: missing length check in bgp_attr_psid_sub() can lead do DoS
  • BZ - 2246379 - CVE-2023-46752 frr: mishandled malformed data leading to a crash
  • BZ - 2246381 - CVE-2023-46753 frr: crafted BGP UPDATE message leading to a crash
  • RHEL-11664 - eBGP multihop peer flapping due to delta miscalculation of new configuration
  • RHEL-15291 - [RFE] Rebase FRR to version 8.5.3 in RHEL9

Red Hat Enterprise Linux for x86_64 9

SRPM
frr-8.5.3-4.el9.src.rpm SHA-256: d1f6584dcfde6a9e690ca3473746e094841995dde5f60e59d09fefdcec69254b
x86_64
frr-8.5.3-4.el9.x86_64.rpm SHA-256: f8852fa09d95c8b34dbda9c641f0b6637aacace0994673ec05449b022cb5d568
frr-debuginfo-8.5.3-4.el9.x86_64.rpm SHA-256: 76b123c356106605f9d4369bad490fa36194a8e71da5e178bc7d73edfa9bfb26
frr-debugsource-8.5.3-4.el9.x86_64.rpm SHA-256: 47d0d9e12fc0ebb64d9f8fa6b2b09f74f3a5ae8565e30e44cfcc9d680f2b38f0
frr-selinux-8.5.3-4.el9.noarch.rpm SHA-256: d9f1faad1265839fb96b20236bf47a3728f4ead640e7c8f4aeda72a8b0f61905

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
frr-8.5.3-4.el9.src.rpm SHA-256: d1f6584dcfde6a9e690ca3473746e094841995dde5f60e59d09fefdcec69254b
x86_64
frr-8.5.3-4.el9.x86_64.rpm SHA-256: f8852fa09d95c8b34dbda9c641f0b6637aacace0994673ec05449b022cb5d568
frr-debuginfo-8.5.3-4.el9.x86_64.rpm SHA-256: 76b123c356106605f9d4369bad490fa36194a8e71da5e178bc7d73edfa9bfb26
frr-debugsource-8.5.3-4.el9.x86_64.rpm SHA-256: 47d0d9e12fc0ebb64d9f8fa6b2b09f74f3a5ae8565e30e44cfcc9d680f2b38f0
frr-selinux-8.5.3-4.el9.noarch.rpm SHA-256: d9f1faad1265839fb96b20236bf47a3728f4ead640e7c8f4aeda72a8b0f61905

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
frr-8.5.3-4.el9.src.rpm SHA-256: d1f6584dcfde6a9e690ca3473746e094841995dde5f60e59d09fefdcec69254b
x86_64
frr-8.5.3-4.el9.x86_64.rpm SHA-256: f8852fa09d95c8b34dbda9c641f0b6637aacace0994673ec05449b022cb5d568
frr-debuginfo-8.5.3-4.el9.x86_64.rpm SHA-256: 76b123c356106605f9d4369bad490fa36194a8e71da5e178bc7d73edfa9bfb26
frr-debugsource-8.5.3-4.el9.x86_64.rpm SHA-256: 47d0d9e12fc0ebb64d9f8fa6b2b09f74f3a5ae8565e30e44cfcc9d680f2b38f0
frr-selinux-8.5.3-4.el9.noarch.rpm SHA-256: d9f1faad1265839fb96b20236bf47a3728f4ead640e7c8f4aeda72a8b0f61905

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
frr-8.5.3-4.el9.src.rpm SHA-256: d1f6584dcfde6a9e690ca3473746e094841995dde5f60e59d09fefdcec69254b
s390x
frr-8.5.3-4.el9.s390x.rpm SHA-256: 90aeb9c071c2ccd452bfbbf17904562a36ca0cd7f68a95a78f1fc3b554663132
frr-debuginfo-8.5.3-4.el9.s390x.rpm SHA-256: dc8ef11910c5fe049646664931b6cbf276b22a7d6446ddd41af6b16c756318a9
frr-debugsource-8.5.3-4.el9.s390x.rpm SHA-256: 6613e7f250eff392beafc3a8f79be292399665fa4089f2b0af58084a79462285
frr-selinux-8.5.3-4.el9.noarch.rpm SHA-256: d9f1faad1265839fb96b20236bf47a3728f4ead640e7c8f4aeda72a8b0f61905

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
frr-8.5.3-4.el9.src.rpm SHA-256: d1f6584dcfde6a9e690ca3473746e094841995dde5f60e59d09fefdcec69254b
s390x
frr-8.5.3-4.el9.s390x.rpm SHA-256: 90aeb9c071c2ccd452bfbbf17904562a36ca0cd7f68a95a78f1fc3b554663132
frr-debuginfo-8.5.3-4.el9.s390x.rpm SHA-256: dc8ef11910c5fe049646664931b6cbf276b22a7d6446ddd41af6b16c756318a9
frr-debugsource-8.5.3-4.el9.s390x.rpm SHA-256: 6613e7f250eff392beafc3a8f79be292399665fa4089f2b0af58084a79462285
frr-selinux-8.5.3-4.el9.noarch.rpm SHA-256: d9f1faad1265839fb96b20236bf47a3728f4ead640e7c8f4aeda72a8b0f61905

Red Hat Enterprise Linux for Power, little endian 9

SRPM
frr-8.5.3-4.el9.src.rpm SHA-256: d1f6584dcfde6a9e690ca3473746e094841995dde5f60e59d09fefdcec69254b
ppc64le
frr-8.5.3-4.el9.ppc64le.rpm SHA-256: f9a697c25c2093061b40855280aa71dec64a409d8ca989bfe3ffa1b46202ccaa
frr-debuginfo-8.5.3-4.el9.ppc64le.rpm SHA-256: a1658bd4d3b668cce37d665690f1f29c44dfc2c72273da5e0590ae31d3f5f4f4
frr-debugsource-8.5.3-4.el9.ppc64le.rpm SHA-256: dc8cd9f79bfe0e9bec5bb1ddb83de2920df7ea045800453f8112b40b9d53347f
frr-selinux-8.5.3-4.el9.noarch.rpm SHA-256: d9f1faad1265839fb96b20236bf47a3728f4ead640e7c8f4aeda72a8b0f61905

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
frr-8.5.3-4.el9.src.rpm SHA-256: d1f6584dcfde6a9e690ca3473746e094841995dde5f60e59d09fefdcec69254b
ppc64le
frr-8.5.3-4.el9.ppc64le.rpm SHA-256: f9a697c25c2093061b40855280aa71dec64a409d8ca989bfe3ffa1b46202ccaa
frr-debuginfo-8.5.3-4.el9.ppc64le.rpm SHA-256: a1658bd4d3b668cce37d665690f1f29c44dfc2c72273da5e0590ae31d3f5f4f4
frr-debugsource-8.5.3-4.el9.ppc64le.rpm SHA-256: dc8cd9f79bfe0e9bec5bb1ddb83de2920df7ea045800453f8112b40b9d53347f
frr-selinux-8.5.3-4.el9.noarch.rpm SHA-256: d9f1faad1265839fb96b20236bf47a3728f4ead640e7c8f4aeda72a8b0f61905

Red Hat Enterprise Linux for ARM 64 9

SRPM
frr-8.5.3-4.el9.src.rpm SHA-256: d1f6584dcfde6a9e690ca3473746e094841995dde5f60e59d09fefdcec69254b
aarch64
frr-8.5.3-4.el9.aarch64.rpm SHA-256: 74bc194468b7c13d6f4dc29f1a782f4aaf3534d60701fe54ae2d1c65f84bacb3
frr-debuginfo-8.5.3-4.el9.aarch64.rpm SHA-256: f59b0ea1ffd1056e0c71035b66c23e6806e35862d526bf988f08db883b9b737e
frr-debugsource-8.5.3-4.el9.aarch64.rpm SHA-256: ac645b55dca52dc9be69ea46e8eb846da4c15734f7901eeea25d1ad733b0e9c7
frr-selinux-8.5.3-4.el9.noarch.rpm SHA-256: d9f1faad1265839fb96b20236bf47a3728f4ead640e7c8f4aeda72a8b0f61905

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
frr-8.5.3-4.el9.src.rpm SHA-256: d1f6584dcfde6a9e690ca3473746e094841995dde5f60e59d09fefdcec69254b
aarch64
frr-8.5.3-4.el9.aarch64.rpm SHA-256: 74bc194468b7c13d6f4dc29f1a782f4aaf3534d60701fe54ae2d1c65f84bacb3
frr-debuginfo-8.5.3-4.el9.aarch64.rpm SHA-256: f59b0ea1ffd1056e0c71035b66c23e6806e35862d526bf988f08db883b9b737e
frr-debugsource-8.5.3-4.el9.aarch64.rpm SHA-256: ac645b55dca52dc9be69ea46e8eb846da4c15734f7901eeea25d1ad733b0e9c7
frr-selinux-8.5.3-4.el9.noarch.rpm SHA-256: d9f1faad1265839fb96b20236bf47a3728f4ead640e7c8f4aeda72a8b0f61905

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
frr-8.5.3-4.el9.src.rpm SHA-256: d1f6584dcfde6a9e690ca3473746e094841995dde5f60e59d09fefdcec69254b
ppc64le
frr-8.5.3-4.el9.ppc64le.rpm SHA-256: f9a697c25c2093061b40855280aa71dec64a409d8ca989bfe3ffa1b46202ccaa
frr-debuginfo-8.5.3-4.el9.ppc64le.rpm SHA-256: a1658bd4d3b668cce37d665690f1f29c44dfc2c72273da5e0590ae31d3f5f4f4
frr-debugsource-8.5.3-4.el9.ppc64le.rpm SHA-256: dc8cd9f79bfe0e9bec5bb1ddb83de2920df7ea045800453f8112b40b9d53347f
frr-selinux-8.5.3-4.el9.noarch.rpm SHA-256: d9f1faad1265839fb96b20236bf47a3728f4ead640e7c8f4aeda72a8b0f61905

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
frr-8.5.3-4.el9.src.rpm SHA-256: d1f6584dcfde6a9e690ca3473746e094841995dde5f60e59d09fefdcec69254b
x86_64
frr-8.5.3-4.el9.x86_64.rpm SHA-256: f8852fa09d95c8b34dbda9c641f0b6637aacace0994673ec05449b022cb5d568
frr-debuginfo-8.5.3-4.el9.x86_64.rpm SHA-256: 76b123c356106605f9d4369bad490fa36194a8e71da5e178bc7d73edfa9bfb26
frr-debugsource-8.5.3-4.el9.x86_64.rpm SHA-256: 47d0d9e12fc0ebb64d9f8fa6b2b09f74f3a5ae8565e30e44cfcc9d680f2b38f0
frr-selinux-8.5.3-4.el9.noarch.rpm SHA-256: d9f1faad1265839fb96b20236bf47a3728f4ead640e7c8f4aeda72a8b0f61905

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
frr-8.5.3-4.el9.src.rpm SHA-256: d1f6584dcfde6a9e690ca3473746e094841995dde5f60e59d09fefdcec69254b
aarch64
frr-8.5.3-4.el9.aarch64.rpm SHA-256: 74bc194468b7c13d6f4dc29f1a782f4aaf3534d60701fe54ae2d1c65f84bacb3
frr-debuginfo-8.5.3-4.el9.aarch64.rpm SHA-256: f59b0ea1ffd1056e0c71035b66c23e6806e35862d526bf988f08db883b9b737e
frr-debugsource-8.5.3-4.el9.aarch64.rpm SHA-256: ac645b55dca52dc9be69ea46e8eb846da4c15734f7901eeea25d1ad733b0e9c7
frr-selinux-8.5.3-4.el9.noarch.rpm SHA-256: d9f1faad1265839fb96b20236bf47a3728f4ead640e7c8f4aeda72a8b0f61905

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
frr-8.5.3-4.el9.src.rpm SHA-256: d1f6584dcfde6a9e690ca3473746e094841995dde5f60e59d09fefdcec69254b
s390x
frr-8.5.3-4.el9.s390x.rpm SHA-256: 90aeb9c071c2ccd452bfbbf17904562a36ca0cd7f68a95a78f1fc3b554663132
frr-debuginfo-8.5.3-4.el9.s390x.rpm SHA-256: dc8ef11910c5fe049646664931b6cbf276b22a7d6446ddd41af6b16c756318a9
frr-debugsource-8.5.3-4.el9.s390x.rpm SHA-256: 6613e7f250eff392beafc3a8f79be292399665fa4089f2b0af58084a79462285
frr-selinux-8.5.3-4.el9.noarch.rpm SHA-256: d9f1faad1265839fb96b20236bf47a3728f4ead640e7c8f4aeda72a8b0f61905

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.