[FROG] New Releases of FRR
sharpd at cumulusnetworks.com
Wed Jan 9 20:34:33 EST 2019
On Monday a research group installed into the global BGP routing table
a prefix with an attribute type of 0xFF, which is designated as
experimental by the BGP RFCs. FRR had a developmental escape that read
this attribute incorrectly and caused the BGP peering session to flap.
If you have compiled FRR with the `--enable-bgp-vnc` option and run
BGP as a peer on the global routing table, you are vulnerable to this
issue. This issue has been fixed in FRR with this commit:
We have applied this fix to the stable/3.0(3.0.4), stable/4.0(4.0.1),
stable/5.0(5.0.2) and stable/6.0(6.0.2) branches. New releases can be
Snap packaging and the FreeBSD ports have been updated as well. We
recommend you update your installation of FRR immediately.
At this point we are applying for a CVE and will announce that
information when we have it.
In the near future we plan to implement RFC 7606 to handle this
situation better in BGP. If you have any questions, please feel free to
email me or to open up discussions on the frog alias.
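
The handling that RFC 7606 calls for, sketched as an added example (this is not FRR's code and not part of the original message): walk the Path Attributes field of an UPDATE, let an unrecognized optional attribute such as type 0xFF through according to its flags, and answer a framing error with treat-as-withdraw instead of a session reset. The `is_known_type` table, the function names and the sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Attribute flag bits, RFC 4271 section 4.3 */
#define FLAG_OPTIONAL   0x80
#define FLAG_TRANSITIVE 0x40
#define FLAG_EXT_LEN    0x10

enum disposition {
    ATTRS_OK,           /* every attribute recognized and well-framed */
    UNKNOWN_IGNORED,    /* unknown optional non-transitive: quietly ignore */
    UNKNOWN_PROPAGATED, /* unknown optional transitive: keep, set Partial */
    TREAT_AS_WITHDRAW   /* RFC 7606: withdraw the NLRI, session stays up */
};

/* Hypothetical stand-in for an implementation's table of known types. */
static int is_known_type(uint8_t type) { return type >= 1 && type <= 8; }

/* Walk the Path Attributes field of one UPDATE (buf, total_len). */
enum disposition walk_path_attrs(const uint8_t *buf, size_t total_len)
{
    enum disposition result = ATTRS_OK;
    size_t off = 0;
    while (off < total_len) {
        size_t left = total_len - off;
        size_t hdr = (buf[off] & FLAG_EXT_LEN) ? 4 : 3;
        size_t alen;
        if (left < hdr)               /* header itself is truncated */
            return TREAT_AS_WITHDRAW;
        alen = (hdr == 4) ? ((size_t)buf[off + 2] << 8 | buf[off + 3]) : buf[off + 2];
        if (alen > left - hdr)        /* value overruns the field */
            return TREAT_AS_WITHDRAW;
        if (!is_known_type(buf[off + 1])) {
            if (!(buf[off] & FLAG_OPTIONAL)) /* sketch's choice for unknown well-known */
                return TREAT_AS_WITHDRAW;
            if (buf[off] & FLAG_TRANSITIVE)
                result = UNKNOWN_PROPAGATED;
            else if (result == ATTRS_OK)
                result = UNKNOWN_IGNORED;
        }
        off += hdr + alen;
    }
    return result;
}

/* Constructed samples: ORIGIN, then type 0xFF flagged optional transitive. */
const uint8_t sample_ok[]    = { 0x40, 0x01, 0x01, 0x00, 0xC0, 0xFF, 0x02, 0xAA, 0xBB };
const uint8_t sample_short[] = { 0x40, 0x01, 0x01, 0x00, 0xC0, 0xFF, 0x09, 0xAA, 0xBB };
int main(void) { return walk_path_attrs(sample_ok, sizeof sample_ok) != UNKNOWN_PROPAGATED; }
```

In `sample_short` the 0xFF attribute claims nine octets of value where two remain, so the walk stops before reading past the field and reports treat-as-withdraw.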