frr - Debian Package Tracker

general

source: frr (main)
version: 10.6.0-2
maintainer: Daniel Baumann (DMD)
uploaders: David Lamparter [DMD] [DM]
arch: all
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 7.5.1-1.1+deb11u2
o-o-sec: 7.5.1-1.1+deb11u4
oldstable: 8.4.4-1.1~deb12u1
old-sec: 8.4.4-1.1~deb12u1
stable: 10.3-3
testing: 10.6.0-2
unstable: 10.6.0-2

versioned links

7.5.1-1.1+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.5.1-1.1+deb11u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.4.4-1.1~deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.3-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.6.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

frr (1 bugs: 0, 1, 0, 0)
frr-doc
frr-pythontools
frr-rpki-rtrlib
frr-snmp

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0:01:45
Last run: 2026-03-31T08:12:40.000Z
Previous status: unknown

testing: fail (log)
The tests ran in 0:01:03
Last run: 2026-04-05T03:38:39.000Z
Previous status: unknown

stable: pass (log)
The tests ran in 0:01:21
Last run: 2025-11-09T08:42:43.000Z
Previous status: unknown

Created: 2025-11-23 Last update: 2026-04-11 09:31

10 security issues in trixie high

There are 10 open security issues in trixie.

6 important issues:

CVE-2026-5107: A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.
CVE-2025-61099: FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.
CVE-2025-61100: FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.
CVE-2025-61101: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61102: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61105: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

4 issues left for the package maintainer to handle:

CVE-2025-61103: (postponed; to be fixed through a stable update) FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61104: (postponed; to be fixed through a stable update) FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61106: (postponed; to be fixed through a stable update) FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61107: (postponed; to be fixed through a stable update) FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-10-27 Last update: 2026-04-05 04:33

10 security issues in bullseye high

There are 10 open security issues in bullseye.

10 important issues:

CVE-2026-5107: A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.
CVE-2025-61099: FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.
CVE-2025-61100: FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.
CVE-2025-61101: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61102: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61103: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61104: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61105: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61106: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61107: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.

Created: 2025-10-27 Last update: 2026-04-05 04:33

25 security issues in bookworm high

There are 25 open security issues in bookworm.

21 important issues:

CVE-2023-3748: A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.
CVE-2026-5107: A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.
CVE-2023-38407: bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
CVE-2023-41361: An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
CVE-2023-46752: An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.
CVE-2023-46753: An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.
CVE-2023-47234: An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).
CVE-2023-47235: An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
CVE-2024-27913: ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.
CVE-2024-31948: In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.
CVE-2024-31949: In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.
CVE-2024-31950: In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).
CVE-2024-31951: In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).
CVE-2024-34088: In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.
CVE-2024-44070: An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.
CVE-2024-55553: In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than this number of updates during an update interval (usually 30 minutes). Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this to trigger route validation continuously. Given that routers with large full tables may need more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally. Additionally, the re-validation will cause heightened BMP traffic to ingestors. Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3.
CVE-2025-61099: FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.
CVE-2025-61100: FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.
CVE-2025-61101: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61102: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61105: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

4 issues left for the package maintainer to handle:

CVE-2025-61103: (postponed; to be fixed through a stable update) FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61104: (postponed; to be fixed through a stable update) FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61106: (postponed; to be fixed through a stable update) FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61107: (postponed; to be fixed through a stable update) FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-05-05 Last update: 2026-04-05 04:33

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit e5b831b6c5933e9aa16f33f238cd59b9b1e82a37
Author: Daniel Baumann <daniel@debian.org>
Date:   Tue Mar 31 13:17:56 2026 +0200

    Updating to standards version 4.7.4.
    
    Signed-off-by: Daniel Baumann <daniel@debian.org>

Created: 2026-03-31 Last update: 2026-04-10 16:32

lintian reports 6 warnings normal

Lintian reports 6 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-03-31 Last update: 2026-03-31 03:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.3).

Created: 2026-03-31 Last update: 2026-03-31 15:01

testing migrations

This package will soon be part of the auto-libyang transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2026-04-05] frr 10.6.0-2 MIGRATED to testing (Debian testing watch)
[2026-03-30] Accepted frr 10.6.0-2 (source) into unstable (Daniel Baumann)
[2026-03-30] Accepted frr 10.6.0-1 (source) into experimental (Daniel Baumann)
[2026-03-19] frr 10.5.3-1 MIGRATED to testing (Debian testing watch)
[2026-03-14] Accepted frr 10.5.3-1 (source) into unstable (Daniel Baumann)
[2026-02-27] frr 10.5.2-1 MIGRATED to testing (Debian testing watch)
[2026-02-22] Accepted frr 10.5.2-1 (source) into unstable (Daniel Baumann)
[2026-02-20] frr 10.5.1-3 MIGRATED to testing (Debian testing watch)
[2026-02-14] Accepted frr 10.5.1-3 (source) into unstable (Daniel Baumann)
[2026-02-14] Accepted frr 10.5.1-2 (source) into unstable (Daniel Baumann)
[2026-01-25] frr 10.5.1-1 MIGRATED to testing (Debian testing watch)
[2026-01-07] Accepted frr 10.5.1-1 (source) into unstable (Daniel Baumann)
[2026-01-05] Accepted frr 10.5.0-2 (source) into unstable (Daniel Baumann)
[2025-11-14] frr 10.5.0-1 MIGRATED to testing (Debian testing watch)
[2025-11-11] Accepted frr 10.5.0-1 (source) into unstable (Daniel Baumann)
[2025-08-17] frr 10.4.1-3 MIGRATED to testing (Debian testing watch)
[2025-08-12] Accepted frr 10.4.1-3 (source) into unstable (Daniel Baumann)
[2025-08-10] Accepted frr 10.4.1-2 (source) into unstable (Daniel Baumann)
[2025-08-06] Accepted frr 10.4.1-1 (source) into experimental (Daniel Baumann)
[2025-07-21] Accepted frr 10.4.0-1 (source) into experimental (Daniel Baumann)
[2025-07-13] Accepted frr 10.3.1-4 (source) into experimental (Daniel Baumann)
[2025-07-13] Accepted frr 10.3.1-3 (source) into experimental (Daniel Baumann)
[2025-06-24] Accepted frr 10.3.1-2 (source) into experimental (Daniel Baumann)
[2025-06-01] Accepted frr 10.3.1-1 (source) into experimental (Daniel Baumann)
[2025-06-01] Accepted frr 10.3-5 (source) into experimental (Daniel Baumann)
[2025-05-17] Accepted frr 10.3-4 (source) into experimental (Daniel Baumann)
[2025-05-12] frr 10.3-3 MIGRATED to testing (Debian testing watch)
[2025-05-02] Accepted frr 10.3-3 (source) into unstable (Daniel Baumann)
[2025-04-26] frr 10.3-2 MIGRATED to testing (Debian testing watch)
[2025-04-16] Accepted frr 10.3-2 (source) into unstable (Daniel Baumann)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 6)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 10.5.1-1ubuntu2
patches for 10.5.1-1ubuntu2