
Ubuntu 20.04 LTS USN-6807-1 Critical: frr Denial of Service Threat

June 5, 2024
Secure your Ubuntu 20.04 LTS system against FRRouting vulnerabilities that may impact network performance and cause denial of service incidents by following these steps.

Summary

FRR could be made to crash or run programs if it received specially crafted network traffic.

Software Description:

- frr: FRRouting suite of internet protocols

Details:

It was discovered that FRR incorrectly handled certain network traffic.
A remote attacker could possibly use this issue to cause FRR to crash,
resulting in a denial of service. (CVE-2022-26126, CVE-2022-26127,
CVE-2022-26128, CVE-2022-26129, CVE-2022-37032, CVE-2022-37035,
CVE-2023-31490, CVE-2023-38406, CVE-2023-38407, CVE-2023-46752,
CVE-2023-46753, CVE-2023-47234, CVE-2023-47235, CVE-2024-31948)

Ben Cartwright-Cox discovered that FRR incorrectly handled certain
network traffic. A remote attacker could possibly use this issue to cause
FRR to crash, resulting in a denial of service. (CVE-2023-38802)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
   frr                             7.2.1-1ubuntu0.2+esm2
                                   Available with Ubuntu Pro

After a standard system update you need to restart FRR to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6807-1

CVE-2022-26126, CVE-2022-26127, CVE-2022-26128, CVE-2022-26129,
CVE-2022-37032, CVE-2022-37035, CVE-2023-31490, CVE-2023-38406,
CVE-2023-38407, CVE-2023-38802, CVE-2023-46752, CVE-2023-46753,
CVE-2023-47234, CVE-2023-47235, CVE-2024-31948

Severity
critical
