[FROG] New Releases of FRR

Donald Sharp sharpd at cumulusnetworks.com
Wed Jan 9 20:34:33 EST 2019


All -

On Monday a research group installed into the global BGP routing table
a prefix with an attribute type of 0xFF, which is designated as
experimental by BGP RFCs.  FRR had a developmental escape that read
this attribute incorrectly and caused the BGP peering session to flap.
If you have compiled FRR with the `--enable-bgp-vnc` option and run
BGP as a peer on the global routing table you are vulnerable to this
issue.  This issue has been fixed in FRR with this commit:

https://github.com/FRRouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a

We have applied this fix to the stable/3.0(3.0.4), stable/4.0(4.0.1),
stable/5.0(5.0.2) and stable/6.0(6.0.2) branches.  New releases can be
found here:

https://github.com/FRRouting/frr/releases/tag/frr-3.0.4
https://github.com/FRRouting/frr/releases/tag/frr-4.0.1
https://github.com/FRRouting/frr/releases/tag/frr-5.0.2
https://github.com/FRRouting/frr/releases/tag/frr-6.0.2

Snap packaging and the FreeBSD ports have been updated as well.  We
recommend you update your installation of FRR immediately.

At this point we are applying for a CVE and will announce that
information when we have it.

In the near future we plan to implement RFC 7606 to handle this
situation better in BGP.  If you have any questions please feel free to
email me, or to open up discussions on the frog alias.

thanks!

donald
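
Added example, not part of the original message and not FRR code: a bounds-checked walk over BGP path attributes that classifies an unrecognized type such as 0xFF from its flag bits as RFC 4271 specifies, instead of interpreting its contents. The "recognized" set, the function names and the sample bytes are assumptions made for this sketch; the sample assumes the 0xFF attribute arrives with the Optional and Transitive flags set.

```c
#include <stddef.h>
#include <stdint.h>

/* Attribute flag bits, RFC 4271 section 4.3. */
#define FLAG_OPTIONAL   0x80
#define FLAG_TRANSITIVE 0x40
#define FLAG_EXTLEN     0x10
enum action { ATTR_PROCESS, ATTR_FORWARD_PARTIAL, ATTR_IGNORE, ATTR_ERROR };

/* Constructed sample: ORIGIN, then type 0xFF (assumed optional transitive). */
static const uint8_t sample[] = { 0x40, 0x01, 0x01, 0x00,
                                  0xC0, 0xFF, 0x04, 0x01, 0x02, 0x03, 0x04 };

/* Hypothetical "known" set for this sketch: ORIGIN(1), AS_PATH(2), NEXT_HOP(3). */
static int recognized(uint8_t type) { return type >= 1 && type <= 3; }

/* Classify the attribute at buf; *used gets the bytes consumed (0 if malformed). */
enum action classify_attr(const uint8_t *buf, size_t len, size_t *used)
{
    *used = 0;
    if (len < 3) return ATTR_ERROR;              /* flags, type, 1-byte length */
    uint8_t flags = buf[0], type = buf[1];
    size_t hdr = (flags & FLAG_EXTLEN) ? 4 : 3;  /* extended length is 2 bytes */
    if (len < hdr) return ATTR_ERROR;
    size_t alen = (flags & FLAG_EXTLEN) ? ((size_t)buf[2] << 8 | buf[3]) : buf[2];
    if (alen > len - hdr) return ATTR_ERROR;     /* value overruns the buffer */
    *used = hdr + alen;
    if (recognized(type)) return ATTR_PROCESS;
    /* Unrecognized from here on: decide from the flags only, never the value. */
    if (!(flags & FLAG_OPTIONAL)) return ATTR_ERROR; /* unrecognized well-known */
    return (flags & FLAG_TRANSITIVE) ? ATTR_FORWARD_PARTIAL : ATTR_IGNORE;
}

/* Walk every attribute, tallying actions; returns -1 at the first error. */
int walk_attrs(const uint8_t *buf, size_t len, int counts[4])
{
    size_t off = 0, used;
    while (off < len) {
        enum action a = classify_attr(buf + off, len - off, &used);
        counts[a]++;
        if (a == ATTR_ERROR) return -1;
        off += used;
    }
    return 0;
}

int main(void)
{
    int counts[4] = {0};
    return walk_attrs(sample, sizeof sample, counts) ? 1 : 0;
}
```

On the sample, the 0xFF attribute is tallied as ATTR_FORWARD_PARTIAL: it would be passed on with the Partial bit set and its value left untouched, and the walk completes without error.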
