Ubuntu alert USN-6323-1 (frr) [LWN.net]

From:
               Mark Esler <mark.esler@canonical.com>
To:
               ubuntu-security-announce@lists.ubuntu.com
Subject:
               [USN-6323-1] FRR vulnerability
Date:
               Wed, 30 Aug 2023 22:03:53 -0500
Message-ID:
               <24dc1cd5-b2c9-42cb-a64c-fb3511300110@canonical.com>
==========================================================================
Ubuntu Security Notice USN-6323-1
August 31, 2023

frr vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS

Summary:

FRR could be made to close sessions if it received speacially
crafted network traffic.

Software Description:
- frr: FRRouting suite of internet protocols

Details:

Ben Cartwright-Cox discovered that FRR did not handle RFC 7606
attributes properly. A remote attacker could possibly use this to
cause denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
   frr                             8.4.2-1ubuntu1.3

Ubuntu 22.04 LTS:
   frr                             8.1-1ubuntu1.5

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6323-1
   CVE-2023-31490

Package Information:
   https://launchpad.net/ubuntu/+source/frr/8.4.2-1ubuntu1.3
   https://launchpad.net/ubuntu/+source/frr/8.1-1ubuntu1.5

From:		Mark Esler <mark.esler@canonical.com>
To:		ubuntu-security-announce@lists.ubuntu.com
Subject:		[USN-6323-1] FRR vulnerability
Date:		Wed, 30 Aug 2023 22:03:53 -0500
Message-ID:		<24dc1cd5-b2c9-42cb-a64c-fb3511300110@canonical.com>