-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5495-1                   security@debian.org
https://www.debian.org/security/                                  Aron Xu
September 11, 2023                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : frr
CVE ID         : CVE-2022-36440 CVE-2022-40302 CVE-2022-40318 CVE-2022-43681 
                 CVE-2023-31490 CVE-2023-38802 CVE-2023-41358
Debian Bug     : 1035829 1036062

Brief introduction 

Multiple vulnerbilities were discovered in frr, the FRRouting suite of
internet protocols, while processing malformed requests and packets the BGP
daemon may have reachable assertions, NULL pointer dereference, out-of-bounds
memory access, which may lead to denial of service attack.

For the oldstable distribution (bullseye), these problems have been fixed
in version 7.5.1-1.1+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in
version 8.4.4-1.1~deb12u1.

We recommend that you upgrade your frr packages.

For the detailed security status of frr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/frr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmT+vCQACgkQO1LKKgqv
2VTdlwf9Ez2k1hBPYWNge7Izunc6ovIAEeDkSLjAFYU/sEn8ehb2KQAvU27AxtxD
0sYhV1XFD0y8gqQIngSgpVD+XKvclPTihS8h48Yx+C3M2e1ce5SnDytvM4AZ9w7f
maHvbysQL1QrKB4TyIr3jnikcMIWgwyzaRTmIpqryFabO44SSSe+Ysn8Mvdbh3p5
Zzb9Udm/5iZWybYVO4aO0fndrq8TnfNe9uJCKd6MjUR/0Byppzmzt5lUm8PoW4wu
xIgwpy9hXXCUD/ttQztKeK2FScQbz1xSNz6RdomyzDK+dVZ+BnihPUNWECweH9UA
m8laSkRR1QzCOEjVGB6pcIge0IKl/w==
=t+W8
-----END PGP SIGNATURE-----