- Issued:
- 2024-05-22
- Updated:
- 2024-05-22
RHSA-2024:2981 - Security Advisory
Synopsis
Moderate: frr security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for frr is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
Security Fix(es):
- frr: missing length check in bgp_attr_psid_sub() can lead do DoS (CVE-2023-31490)
- frr: processes invalid NLRIs if attribute length is zero (CVE-2023-41358)
- frr: NULL pointer dereference in bgp_nlri_parse_flowspec() in bgpd/bgp_flowspec.c (CVE-2023-41909)
- frr: mishandled malformed data leading to a crash (CVE-2023-46752)
- frr: crafted BGP UPDATE message leading to a crash (CVE-2023-46753)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2235839 - CVE-2023-41358 frr: processes invalid NLRIs if attribute length is zero
- BZ - 2237416 - CVE-2023-41909 frr: NULL pointer dereference in bgp_nlri_parse_flowspec() in bgpd/bgp_flowspec.c
- BZ - 2238992 - CVE-2023-31490 frr: missing length check in bgp_attr_psid_sub() can lead do DoS
- BZ - 2246379 - CVE-2023-46752 frr: mishandled malformed data leading to a crash
- BZ - 2246381 - CVE-2023-46753 frr: crafted BGP UPDATE message leading to a crash
- RHEL-12039 - crash in plist update (trie_install_fn)
- RHEL-2263 - eBGP multihop peer flapping due to delta miscalculation of new configuration
- RHEL-6583 - Routes are not refreshed after changing the inbound route rules from deny to permit
- RHEL-22303 - Zebra not fetching host routes
Red Hat Enterprise Linux for x86_64 8
| SRPM | |
|---|---|
| frr-7.5.1-22.el8.src.rpm | SHA-256: 9c6d20e602c7080310bd22412d00db209c2b735e93951ef0def245c3f89b4580 |
| x86_64 | |
| frr-7.5.1-22.el8.x86_64.rpm | SHA-256: 9040922701a9448d7db2af4555c2271b9109dc887722d7d952bc14f82a0f99d4 |
| frr-debuginfo-7.5.1-22.el8.x86_64.rpm | SHA-256: 0f64862f8719ef40706d10cf5af91e9c199545fd548e94cc1e30697aa438996a |
| frr-debugsource-7.5.1-22.el8.x86_64.rpm | SHA-256: 24790f58a90c43e544c817e9bfca5c2ab72f6a4c50c76a472ca4bb8a5191d970 |
| frr-selinux-7.5.1-22.el8.noarch.rpm | SHA-256: a52554a0884ac67d0c6dcef853ca89ed7e825701674c824a1d31c24332112e56 |
Red Hat Enterprise Linux for IBM z Systems 8
| SRPM | |
|---|---|
| frr-7.5.1-22.el8.src.rpm | SHA-256: 9c6d20e602c7080310bd22412d00db209c2b735e93951ef0def245c3f89b4580 |
| s390x | |
| frr-7.5.1-22.el8.s390x.rpm | SHA-256: e0497b61954cda2615846b7ec65d160885a66fdde99df140baadb48d4c77cf79 |
| frr-debuginfo-7.5.1-22.el8.s390x.rpm | SHA-256: 7ecc9b698601be189996c0e57399d71ef49f2c377088ad984a5f458b618d2fd5 |
| frr-debugsource-7.5.1-22.el8.s390x.rpm | SHA-256: ac85923c0495202f88bd7411d8024fe16ec4dd62b30f536c2b6a5c33dd700d2a |
| frr-selinux-7.5.1-22.el8.noarch.rpm | SHA-256: a52554a0884ac67d0c6dcef853ca89ed7e825701674c824a1d31c24332112e56 |
Red Hat Enterprise Linux for Power, little endian 8
| SRPM | |
|---|---|
| frr-7.5.1-22.el8.src.rpm | SHA-256: 9c6d20e602c7080310bd22412d00db209c2b735e93951ef0def245c3f89b4580 |
| ppc64le | |
| frr-7.5.1-22.el8.ppc64le.rpm | SHA-256: ff3571a83e0950b22a9141b9a93ab61c796484d8afef9b46b76a9e4f0000c939 |
| frr-debuginfo-7.5.1-22.el8.ppc64le.rpm | SHA-256: aa9395aca73f60009f967b858e97e7b772353a28b87cb2d10dabe1391f399f17 |
| frr-debugsource-7.5.1-22.el8.ppc64le.rpm | SHA-256: f5c08197f8a93a05128b6ece5ed5f8cab9be6748d2672e5ca7490b1dde933c6a |
| frr-selinux-7.5.1-22.el8.noarch.rpm | SHA-256: a52554a0884ac67d0c6dcef853ca89ed7e825701674c824a1d31c24332112e56 |
Red Hat Enterprise Linux for ARM 64 8
| SRPM | |
|---|---|
| frr-7.5.1-22.el8.src.rpm | SHA-256: 9c6d20e602c7080310bd22412d00db209c2b735e93951ef0def245c3f89b4580 |
| aarch64 | |
| frr-7.5.1-22.el8.aarch64.rpm | SHA-256: 7d22b484f22dcc6ee5cc864dd165b23d8b03c567c2a5bfd56987600180ec3674 |
| frr-debuginfo-7.5.1-22.el8.aarch64.rpm | SHA-256: bf287e7961b64ab8d2d5a9741ae49f59930ba4fffdbfc61a412d10d434d34647 |
| frr-debugsource-7.5.1-22.el8.aarch64.rpm | SHA-256: c749a51787f9b4b8c27c6ebc074d5581a3bd5882d3b0831f67f9c65e4372b05b |
| frr-selinux-7.5.1-22.el8.noarch.rpm | SHA-256: a52554a0884ac67d0c6dcef853ca89ed7e825701674c824a1d31c24332112e56 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
