Register | Log in

frr

FRRouting Internet routing protocol suite

Choose email to subscribe with

general

source: frr (main)
version: 10.3-3
maintainer: David Lamparter (DMD)
uploaders: Daniel Baumann [DMD] – FRRouting-dev [DMD]
arch: all
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 6.0.2-2+deb10u1
o-o-sec: 7.5.1-1.1+deb10u2
oldstable: 7.5.1-1.1+deb11u2
old-sec: 7.5.1-1.1+deb11u4
stable: 8.4.4-1.1~deb12u1
stable-sec: 8.4.4-1.1~deb12u1
testing: 10.3-2
unstable: 10.3-3

versioned links

6.0.2-2+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.5.1-1.1+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.5.1-1.1+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.5.1-1.1+deb11u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.4.4-1.1~deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.3-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.3-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

frr
frr-doc
frr-pythontools
frr-rpki-rtrlib
frr-snmp

action needed

A new upstream version is available: 10.4-dev high

A new upstream version 10.4-dev is available, you should consider packaging it.

Created: 2025-05-02 Last update: 2025-05-06 00:30

15 security issues in bookworm high

There are 15 open security issues in bookworm.

15 important issues:

CVE-2023-3748: A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.
CVE-2023-38407: bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
CVE-2023-41361: An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
CVE-2023-46752: An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.
CVE-2023-46753: An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.
CVE-2023-47234: An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).
CVE-2023-47235: An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
CVE-2024-27913: ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.
CVE-2024-31948: In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.
CVE-2024-31949: In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.
CVE-2024-31950: In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).
CVE-2024-31951: In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).
CVE-2024-34088: In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.
CVE-2024-44070: An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.
CVE-2024-55553: In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than this number of updates during an update interval (usually 30 minutes). Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this to trigger route validation continuously. Given that routers with large full tables may need more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally. Additionally, the re-validation will cause heightened BMP traffic to ingestors. Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3.

Created: 2023-05-05 Last update: 2025-05-02 12:01

lintian reports 5 warnings normal

Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-05-03 Last update: 2025-05-03 00:00

debian/patches: 1 patch to forward upstream low

Among the 1 debian patch available in version 10.3-3 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2025-04-16 Last update: 2025-05-02 15:03

testing migrations

excuses:
- Migration status for frr (10.3-2 to 10.3-3): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Too young, only 4 of 10 days old
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/f/frr.html
- ∙ ∙ autopkgtest for frr/10.3-3: amd64: Pass, arm64: Pass, armel: Pass, armhf: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ Waiting for reproducibility test results on armhf - info ♻
- ∙ ∙ Reproducible on i386 - info ♻
- Not considered

news

[2025-05-02] Accepted frr 10.3-3 (source) into unstable (Daniel Baumann)
[2025-04-26] frr 10.3-2 MIGRATED to testing (Debian testing watch)
[2025-04-16] Accepted frr 10.3-2 (source) into unstable (Daniel Baumann)
[2025-03-12] Accepted frr 10.3-1 (source) into unstable (Daniel Baumann)
[2025-02-24] frr 10.2.1-6 MIGRATED to testing (Debian testing watch)
[2025-02-20] Accepted frr 10.2.1-6 (source) into unstable (Daniel Baumann)
[2025-02-19] frr 10.2.1-5 MIGRATED to testing (Debian testing watch)
[2025-02-16] Accepted frr 10.2.1-5 (source) into unstable (Daniel Baumann)
[2025-02-11] Accepted frr 10.2.1-4 (source) into experimental (Daniel Baumann)
[2025-02-10] frr 10.2.1-3 MIGRATED to testing (Debian testing watch)
[2025-02-06] Accepted frr 10.2.1-3 (source) into unstable (Daniel Baumann)
[2025-01-23] Accepted frr 7.5.1-1.1+deb11u4 (source) into oldstable-security (Arturo Borrero Gonzalez)
[2025-01-17] frr 10.2.1-2 MIGRATED to testing (Debian testing watch)
[2025-01-14] Accepted frr 10.2.1-2 (source) into unstable (Daniel Baumann)
[2024-12-27] frr 10.2.1-1 MIGRATED to testing (Debian testing watch)
[2024-12-24] Accepted frr 10.2.1-1 (source) into unstable (Daniel Baumann)
[2024-12-19] frr 10.2-2 MIGRATED to testing (Debian testing watch)
[2024-12-16] Accepted frr 10.2-2 (source) into unstable (Daniel Baumann)
[2024-11-17] Accepted frr 10.2-1 (source) into unstable (Daniel Baumann)
[2024-11-12] Accepted frr 10.1.1-3 (source) into unstable (Daniel Baumann)
[2024-11-10] Accepted frr 10.1.1-2 (source) into unstable (Daniel Baumann)
[2024-11-09] Accepted frr 10.1.1-1 (source) into unstable (Daniel Baumann)
[2024-09-19] frr 10.1.1-0.1 MIGRATED to testing (Debian testing watch)
[2024-09-17] Accepted frr 10.1.1-0.1 (source) into unstable (Daniel Baumann)
[2024-09-13] frr 10.1-0.2 MIGRATED to testing (Debian testing watch)
[2024-09-11] Accepted frr 10.1-0.2 (source) into unstable (Daniel Baumann)
[2024-09-02] Accepted frr 7.5.1-1.1+deb11u3 (source) into oldstable-security (Tobias Frost)
[2024-08-05] Accepted frr 10.1-0.1 (source) into experimental (Daniel Baumann)
[2024-07-29] frr 10.0.1-0.1 MIGRATED to testing (Debian testing watch)
[2024-07-27] Accepted frr 10.0.1-0.1 (source) into unstable (Daniel Baumann)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 5)
buildd: logs, checks, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 10.2.1-1ubuntu3
patches for 10.2.1-1ubuntu3

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing