[ubuntu/kinetic-proposed] frr 8.1-1ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Oct 6 17:10:47 UTC 2022


frr (8.1-1ubuntu3) kinetic; urgency=medium

  * SECURITY UPDATE: DoS via out-of-bounds read
    - debian/patches/CVE-2022-37032.patch: make sure hdr length is at a
      minimum of what is expected in bgpd/bgp_packet.c.
    - CVE-2022-37032
  * SECURITY UPDATE: use-after-free due to a race condition
    - debian/patches/CVE-2022-37035.patch: avoid notify race between io and
      main pthreads in bgpd/bgp_io.c, bgpd/bgp_packet.c, bgpd/bgp_packet.h.
    - CVE-2022-37035

Date: Wed, 05 Oct 2022 12:31:38 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/frr/8.1-1ubuntu3
-------------- next part --------------
Format: 1.8
Date: Wed, 05 Oct 2022 12:31:38 -0400
Source: frr
Built-For-Profiles: noudeb
Architecture: source
Version: 8.1-1ubuntu3
Distribution: kinetic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 frr (8.1-1ubuntu3) kinetic; urgency=medium
 .
   * SECURITY UPDATE: DoS via out-of-bounds read
     - debian/patches/CVE-2022-37032.patch: make sure hdr length is at a
       minimum of what is expected in bgpd/bgp_packet.c.
     - CVE-2022-37032
   * SECURITY UPDATE: use-after-free due to a race condition
     - debian/patches/CVE-2022-37035.patch: avoid notify race between io and
       main pthreads in bgpd/bgp_io.c, bgpd/bgp_packet.c, bgpd/bgp_packet.h.
     - CVE-2022-37035
Original-Maintainer: David Lamparter <equinox-debian at diac24.net>

