1. Ubuntu Security Notices
  2. USN-7230-2

USN-7230-2: FRR vulnerabilities

Publication date

27 January 2025

Overview

FRR could be made to crash or exhibit degraded performance if it received specially crafted network traffic.

Releases

Packages

  • frr - FRRouting suite of internet protocols

Details

Iggy Frankovic discovered that FRR incorrectly handled certain BGP
messages. A remote attacker could possibly use this issue to cause FRR to
crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS. (CVE-2024-44070)

It was discovered that FRR re-validated all routes in certain instances
when the internal socket’s buffer size overflowed. A remote attacker could
possibly use this issue to impact the performance of FRR, resulting in a
denial of service. (CVE-2024-55553)

Iggy Frankovic discovered that FRR incorrectly handled certain BGP
messages. A remote attacker could possibly use this issue to cause FRR to
crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS. (CVE-2024-44070)

It was discovered that FRR re-validated all routes in certain instances
when the internal socket’s buffer size overflowed. A remote attacker could
possibly use this issue to impact the performance of FRR, resulting in a
denial of service. (CVE-2024-55553)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
24.10 oracular frr –  10.0.1-0.1ubuntu3
24.04 noble frr –  8.4.4-1.1ubuntu6.3
22.04 jammy frr –  8.1-1ubuntu1.13
20.04 focal frr –  7.2.1-1ubuntu0.2+esm3  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›