rpms/frr
7
0
Fork 0
Code Issues Pull Requests Releases Activity
Routing daemon
31 Commits 10 Branches 68 Tags 512 KiB
Diff 100%
c8s
Go to file
RHEL Packaging Agent 4acbe765c8 frr: fix CVE-2026-37457 off-by-one error in FlowSpec operator array bounds check 
Backport upstream commit 0e6882bc72c0278988a47b2f0f73b7a91099a25c to
fix an off-by-one error in FlowSpec operator array bounds checking in
bgpd/bgp_flowspec_util.c. The patch changes the comparison from
`loop > BGP_PBR_MATCH_VAL_MAX` to `loop >= BGP_PBR_MATCH_VAL_MAX`
and adds an early return in both bgp_flowspec_op_decode() and
bgp_flowspec_bitmask_decode() to prevent writing one element past
the end of the mval[] array when more than 5 chained operators are
present in a FlowSpec component.

CVE: CVE-2026-37457
Upstream patches:
 - 0e6882bc72.patch
Resolves: RHEL-174676

This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.

Assisted-by: Ymir
2026-05-21 12:07:49 +00:00
.fmf Resolves: RHEL-2263 - eBGP multihop peer flapping due to delta miscalculation of new configuration 2023-10-10 16:22:36 +02:00
.gitignore Fixing uploaded sources in c8s 2023-04-28 14:51:03 +02:00
0000-remove-babeld-and-ldpd.patch Auto sync2gitlab import of frr-7.5-11.el8.src.rpm 2022-05-26 07:12:40 -04:00
0001-use-python3.patch Auto sync2gitlab import of frr-7.5-11.el8.src.rpm 2022-05-26 07:12:40 -04:00
0002-enable-openssl.patch Auto sync2gitlab import of frr-7.5-11.el8.src.rpm 2022-05-26 07:12:40 -04:00
0003-disable-eigrp-crypto.patch Auto sync2gitlab import of frr-7.5-11.el8.src.rpm 2022-05-26 07:12:40 -04:00
0004-fips-mode.patch Auto sync2gitlab import of frr-7.5-11.el8.src.rpm 2022-05-26 07:12:40 -04:00
0006-CVE-2020-12831.patch Auto sync2gitlab import of frr-7.5-11.el8.src.rpm 2022-05-26 07:12:40 -04:00
0007-frrinit.patch Auto sync2gitlab import of frr-7.5-11.el8.src.rpm 2022-05-26 07:12:40 -04:00
0008-designated-router.patch Auto sync2gitlab import of frr-7.5.1-1.el8.src.rpm 2022-06-06 20:43:33 -04:00
0009-routemap.patch Auto sync2gitlab import of frr-7.5.1-1.el8.src.rpm 2022-06-06 20:43:33 -04:00
0010-moving-executables.patch Auto sync2gitlab import of frr-7.5.1-3.el8.src.rpm 2022-08-27 12:17:48 +00:00
0011-reload-bfd-profile.patch Auto sync2gitlab import of frr-7.5.1-3.el8.src.rpm 2022-08-27 12:17:48 +00:00
0012-graceful-restart.patch Auto sync2gitlab import of frr-7.5.1-5.el8.src.rpm 2022-11-16 06:10:00 +00:00
0013-CVE-2022-37032.patch Auto sync2gitlab import of frr-7.5.1-7.el8.src.rpm 2022-12-08 04:10:10 +00:00
0014-bfd-profile-crash.patch Resolves: #2226803 - BFD crash in FRR running in MetalLB 2023-08-16 15:30:15 +02:00
0015-max-ttl-reload.patch Resolves: RHEL-2263 - eBGP multihop peer flapping due to delta miscalculation of new configuration 2023-10-10 16:22:36 +02:00
0016-CVE-2023-38802.patch Resolves: RHEL-6617 - Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router 2023-10-13 09:08:32 +02:00
0017-fix-crash-in-plist-update.patch Resolves: RHEL-12039 - crash in plist update 2023-10-19 11:27:33 +02:00
0018-CVE-2023-38406.patch Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c 2023-12-19 14:26:18 +01:00
0019-CVE-2023-38407.patch Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c 2023-12-19 14:26:18 +01:00
0020-CVE-2023-47234.patch Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c 2023-12-19 14:26:18 +01:00
0021-CVE-2023-47235.patch Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c 2023-12-19 14:26:18 +01:00
0022-route-map-event.patch Resolves: RHEL-6583 - Routes are not refreshed after changing the inbound route rules from deny to permit 2023-12-19 16:47:48 +01:00
0023-CVE-2023-46752.patch Resolves: RHEL-14821 - mishandled malformed data leading to a crash 2024-02-05 09:38:57 +01:00
0024-CVE-2023-46753.patch Resolves: RHEL-14824 - crafted BGP UPDATE message leading to a crash 2024-02-05 10:18:06 +01:00
0025-CVE-2023-31490.patch Resolves: RHEL-4797 - missing length check in bgp_attr_psid_sub() can lead do DoS 2024-02-07 09:21:41 +01:00
0026-CVE-2023-41909.patch Resolves: RHEL-2216 - NULL pointer dereference 2024-02-07 09:52:39 +01:00
0027-dynamic-netlink-buffer.patch Resolves: RHEL-22303 - Zebra not fetching host routes 2024-02-07 15:51:43 +01:00
0028-vtysh-in-namespaces.patch Resolves: RHEL-65250 - When using namespaces, integrated configs for frr fail to write 2025-04-04 12:55:25 +02:00
ci.fmf Fixing the testing plans 2023-10-17 10:09:42 +02:00
frr-tmpfiles.conf Auto sync2gitlab import of frr-7.5-11.el8.src.rpm 2022-05-26 07:12:40 -04:00
frr.fc Auto sync2gitlab import of frr-7.5.1-7.el8.src.rpm 2022-12-08 04:10:10 +00:00
frr.if Related: #2216911 - Adding unconfined_t type to access namespaces 2023-08-23 09:59:15 +02:00
frr.spec frr: fix CVE-2026-37457 off-by-one error in FlowSpec operator array bounds check 2026-05-21 12:07:49 +00:00
frr.te Resolves: #2216911 - Adding missing sys_admin SELinux call 2023-08-23 13:40:51 +02:00
gating.yaml Update of fmf plans and gating for c8s 2024-10-07 10:03:40 +02:00
plans.fmf Fixing fmf testing files 2026-05-21 13:38:29 +02:00
RHEL-174676.patch frr: fix CVE-2026-37457 off-by-one error in FlowSpec operator array bounds check 2026-05-21 12:07:49 +00:00
rpminspect.yaml Resolves: #2226803 - BFD crash in FRR running in MetalLB 2023-08-16 15:30:15 +02:00
sources Fixing uploaded sources in c8s 2023-04-28 14:51:03 +02:00