
An frr security update has been released for Debian GNU/Linux 10 LTS to address multiple security vulnerabilities.

[SECURITY] [DLA 3573-1] frr security update

Debian LTS Advisory DLA-3573-1 Markus Koschany
September 19, 2023

Package : frr
Version : 7.5.1-1.1+deb10u1
CVE ID : CVE-2022-36440 CVE-2022-40302 CVE-2022-40318 CVE-2022-43681
CVE-2023-31490 CVE-2023-38802 CVE-2023-41358 CVE-2023-41360
CVE-2023-41361 CVE-2023-41909
Debian Bug : 1035829 1036062

Multiple security vulnerabilities were found in frr, the FRRouting suite
of internet protocols. Maliciously constructed Border Gateway Protocol
(BGP) packages or corrupted tunnel attributes may cause a denial of service
(application crash) which could be exploited by a remote attacker.

For Debian 10 buster, these problems have been fixed in version

We recommend that you upgrade your frr packages.

For the detailed security status of frr please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: