Ubuntu 26.04 LTS 8376-1 frr Critical Denial of Service Security Advisory
ubuntu
June 3, 2026
Several security issues were fixed in FRR.
Summary
Several security issues were fixed in FRR.
Software Description:
- frr: FRRouting suite of internet protocols
Details:
It was discovered that FRR incorrectly handled certain OSPF Traffic
Engineering and Segment Routing TLVs. An attacker could possibly use this
issue to cause FRR to crash, resulting in a denial of service.
(CVE-2026-28532)
It was discovered that FRR incorrectly handled certain BGP FlowSpec
components. An attacker could possibly use this issue to cause FRR to
crash, resulting in a denial of service. (CVE-2026-37457)
It was discovered that FRR did not properly validate certain MP_REACH_NLRI
messages. An authenticated user could possibly use this issue to cause FRR
to crash, resulting in a denial of service. (CVE-2026-37458)
It was discovered that FRR incorrectly handled processing certain BGP
UPDATE messages. An attacker could possibly use this issue to cause FRR to
crash, resulting in a denial of service. This issue only affected Ubuntu
25.04 and Ubuntu 25.10. ...
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS frr 10.5.1-1ubuntu4.1 Ubuntu 25.10 frr 10.4.1-3ubuntu1.4 Ubuntu 24.04 LTS frr 8.4.4-1.1ubuntu6.7 Ubuntu 22.04 LTS frr 8.1-1ubuntu1.16 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-8376-1
CVE-2026-28532, CVE-2026-37457, CVE-2026-37458, CVE-2026-37459
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8376-1
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!