Debian Package Tracker

frr

FRRouting Internet routing protocol suite

general
  • source: frr (main)
  • version: 10.6.1-2
  • maintainer: Daniel Baumann (DMD)
  • uploaders: David Lamparter [DMD] [DM]
  • arch: all
  • std-ver: 4.7.4
  • VCS: Git (Browse, QA)
versions (more versions can be listed by madison; old versions available from snapshot.debian.org)
  • o-o-stable: 7.5.1-1.1+deb11u2
  • o-o-sec: 7.5.1-1.1+deb11u4
  • oldstable: 8.4.4-1.1~deb12u1
  • old-sec: 8.4.4-1.1~deb12u2
  • old-p-u: 8.4.4-1.1~deb12u2
  • stable: 10.3-3
  • stable-sec: 10.3-3+deb13u1
  • stable-p-u: 10.3-3+deb13u1
  • testing: 10.6.1-2
  • unstable: 10.6.1-2
binaries
  • frr (2 bugs: 0, 2, 0, 0)
  • frr-doc
  • frr-pythontools
  • frr-rpki-rtrlib
  • frr-snmp
action needed
Debci reports failed tests [high]
  • unstable: fail (log)
    The tests ran in 0:01:31
    Last run: 2026-06-03T18:26:42.000Z
    Previous status: unknown

  • testing: fail (log)
    The tests ran in 0:01:07
    Last run: 2026-06-08T06:58:25.000Z
    Previous status: unknown

  • stable: pass (log)
    The tests ran in 0:01:21
    Last run: 2025-11-09T08:42:43.000Z
    Previous status: unknown

Created: 2025-11-23 Last update: 2026-06-11 02:30
15 security issues in bullseye [high]

There are 15 open security issues in bullseye.

15 important issues:
  • CVE-2026-5107: A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.
  • CVE-2025-61099: FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.
  • CVE-2025-61100: FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.
  • CVE-2025-61101: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
  • CVE-2025-61102: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
  • CVE-2025-61103: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
  • CVE-2025-61104: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
  • CVE-2025-61105: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
  • CVE-2025-61106: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
  • CVE-2025-61107: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.
  • CVE-2026-28532: FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t values returned by the TLV_SIZE() macro, causing the loop termination condition to fail while pointer advancement continues unchecked. Attackers with an established OSPF adjacency can send a crafted LS Update packet with a malicious Type 10 or Type 11 Opaque LSA to trigger out-of-bounds memory reads and crash all affected routers in the OSPF area or autonomous system.
  • CVE-2026-37457: An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component.
  • CVE-2026-37458: Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.
  • CVE-2026-37459: An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
  • CVE-2026-37460: Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
Created: 2025-10-27 Last update: 2026-06-08 18:18
11 security issues in bookworm [high]

There are 11 open security issues in bookworm.

10 important issues:
  • CVE-2023-38407: bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
  • CVE-2023-41361: An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
  • CVE-2023-46752: An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.
  • CVE-2023-46753: An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.
  • CVE-2023-47234: An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).
  • CVE-2023-47235: An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
  • CVE-2024-31948: In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.
  • CVE-2024-31949: In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.
  • CVE-2024-44070: An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.
  • CVE-2024-55553: In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than this number of updates during an update interval (usually 30 minutes). Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this to trigger route validation continuously. Given that routers with large full tables may need more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally. Additionally, the re-validation will cause heightened BMP traffic to ingestors. Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3.
1 issue left for the package maintainer to handle:
  • CVE-2026-37460: (needs triaging) Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-05-05 Last update: 2026-06-08 18:18
lintian reports 6 warnings [normal]
Lintian reports 6 warnings about this package. You should make the package lintian clean by getting rid of them.
Created: 2026-06-04 Last update: 2026-06-04 04:30
1 low-priority security issue in trixie [low]

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:
  • CVE-2026-37460: (needs triaging) Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-06-05 Last update: 2026-06-08 18:18
testing migrations
  • This package will soon be part of the auto-libyang transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
news
  • [2026-06-09] frr 10.6.1-2 MIGRATED to testing (Debian testing watch)
  • [2026-06-08] Accepted frr 10.3-3+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Aron Xu)
  • [2026-06-08] Accepted frr 8.4.4-1.1~deb12u2 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Aron Xu)
  • [2026-06-04] Accepted frr 10.3-3+deb13u1 (source) into stable-security (Debian FTP Masters) (signed by: Aron Xu)
  • [2026-06-04] Accepted frr 8.4.4-1.1~deb12u2 (source) into oldstable-security (Debian FTP Masters) (signed by: Aron Xu)
  • [2026-06-03] Accepted frr 10.6.1-2 (source) into unstable (Daniel Baumann)
  • [2026-04-30] frr 10.6.1-1 MIGRATED to testing (Debian testing watch)
  • [2026-04-24] Accepted frr 10.6.1-1 (source) into unstable (Daniel Baumann)
  • [2026-04-05] frr 10.6.0-2 MIGRATED to testing (Debian testing watch)
  • [2026-03-30] Accepted frr 10.6.0-2 (source) into unstable (Daniel Baumann)
  • [2026-03-30] Accepted frr 10.6.0-1 (source) into experimental (Daniel Baumann)
  • [2026-03-19] frr 10.5.3-1 MIGRATED to testing (Debian testing watch)
  • [2026-03-14] Accepted frr 10.5.3-1 (source) into unstable (Daniel Baumann)
  • [2026-02-27] frr 10.5.2-1 MIGRATED to testing (Debian testing watch)
  • [2026-02-22] Accepted frr 10.5.2-1 (source) into unstable (Daniel Baumann)
  • [2026-02-20] frr 10.5.1-3 MIGRATED to testing (Debian testing watch)
  • [2026-02-14] Accepted frr 10.5.1-3 (source) into unstable (Daniel Baumann)
  • [2026-02-14] Accepted frr 10.5.1-2 (source) into unstable (Daniel Baumann)
  • [2026-01-25] frr 10.5.1-1 MIGRATED to testing (Debian testing watch)
  • [2026-01-07] Accepted frr 10.5.1-1 (source) into unstable (Daniel Baumann)
  • [2026-01-05] Accepted frr 10.5.0-2 (source) into unstable (Daniel Baumann)
  • [2025-11-14] frr 10.5.0-1 MIGRATED to testing (Debian testing watch)
  • [2025-11-11] Accepted frr 10.5.0-1 (source) into unstable (Daniel Baumann)
  • [2025-08-17] frr 10.4.1-3 MIGRATED to testing (Debian testing watch)
  • [2025-08-12] Accepted frr 10.4.1-3 (source) into unstable (Daniel Baumann)
  • [2025-08-10] Accepted frr 10.4.1-2 (source) into unstable (Daniel Baumann)
  • [2025-08-06] Accepted frr 10.4.1-1 (source) into experimental (Daniel Baumann)
  • [2025-07-21] Accepted frr 10.4.0-1 (source) into experimental (Daniel Baumann)
  • [2025-07-13] Accepted frr 10.3.1-4 (source) into experimental (Daniel Baumann)
  • [2025-07-13] Accepted frr 10.3.1-3 (source) into experimental (Daniel Baumann)
bugs [bug history graph]
  • all: 2
  • RC: 0
  • I&N: 2
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 6)
  • buildd: logs, reproducibility
  • popcon
  • browse source code
  • other distros
  • security tracker
  • debci
ubuntu
  • version: 10.5.1-1ubuntu4

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.