-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 02 Jun 2026 15:30:27 +0800 Source: frr Binary: frr frr-dbgsym frr-rpki-rtrlib frr-rpki-rtrlib-dbgsym frr-snmp frr-snmp-dbgsym Architecture: amd64 Version: 10.3-3+deb13u1 Distribution: trixie-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Aron Xu Description: frr - FRRouting Internet routing protocol suite frr-rpki-rtrlib - FRRouting Internet routing protocol suite (BGP RPKI support) frr-snmp - FRRouting Internet routing protocol suite (SNMP support) Changes: frr (10.3-3+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * Backport upstream fixes for several BGP/OSPF parsing vulnerabilities: - CVE-2026-37457: off-by-one out-of-bounds write in the BGP FlowSpec operator decoder (bgp_flowspec_op_decode). - CVE-2026-28532: out-of-bounds read in OSPF TE/SR Opaque LSA TLV parsing caused by a truncated uint16_t length accumulator. - CVE-2026-5107: missing length validation when parsing EVPN Type-2/3/4 and ENCAP/VNC NLRIs. - CVE-2026-37458: missing martian next-hop validation in MP_REACH_NLRI. - CVE-2025-61099, CVE-2025-61100, CVE-2025-61101, CVE-2025-61102, CVE-2025-61103, CVE-2025-61104, CVE-2025-61105, CVE-2025-61106, CVE-2025-61107: NULL pointer dereference in ospfd when dumping Opaque LSAs while OSPF packet debugging is enabled. Checksums-Sha1: be887c6cae3a921f6f6db5f831f64fe16bf9a20f 15749072 frr-dbgsym_10.3-3+deb13u1_amd64.deb b42f98c35c5285ec85b7b9f7b2b288a76fb89149 97364 frr-rpki-rtrlib-dbgsym_10.3-3+deb13u1_amd64.deb 8021be931f59c714c33adf640c17c91ae9ed2277 34936 frr-rpki-rtrlib_10.3-3+deb13u1_amd64.deb 90b078e50785ad74bef2c0be61c59166203cea32 308760 frr-snmp-dbgsym_10.3-3+deb13u1_amd64.deb 3593e5223b653041c5874071bab678e1bb020604 74616 frr-snmp_10.3-3+deb13u1_amd64.deb 62d85ee1b0b852564fd497f7431a10755ebb09ec 11210 frr_10.3-3+deb13u1_amd64-buildd.buildinfo a8cff669bd7e4b0dbed87405e9cc76640118c35f 5878232 frr_10.3-3+deb13u1_amd64.deb Checksums-Sha256: d1bc43c6f353717484b4a8b098814e4b49b3dfed1fe2177b5dcce34476f4b9e0 15749072 frr-dbgsym_10.3-3+deb13u1_amd64.deb 23a209871580e2602f7233669b3d82aa5c3682702c21834af18d74c2053253d7 97364 frr-rpki-rtrlib-dbgsym_10.3-3+deb13u1_amd64.deb 3311fc964bb7ccbba0c639f4704907f8b50d772d41b42485f5b57cc427366b59 34936 frr-rpki-rtrlib_10.3-3+deb13u1_amd64.deb 1b8e1e55e4b3737c4832dc105bd5f4a549bd57b73d5646a6843aead6129ca9d0 308760 frr-snmp-dbgsym_10.3-3+deb13u1_amd64.deb cdd6f8d4fa27b53b11ddb1dd0b19dd5ed38aa7bc71e38526757248c84384cb1d 74616 frr-snmp_10.3-3+deb13u1_amd64.deb 5eab83d148eb4286662aba389f4faf213c1ccaafb95434952a41898e4dbc6814 11210 frr_10.3-3+deb13u1_amd64-buildd.buildinfo 20718ad95f91d9bcda87769421bb33acc7a94d9f0bf0d994d31f0c6d9122ab0a 5878232 frr_10.3-3+deb13u1_amd64.deb Files: 7ac97641cff0ed51df0cda5d19fb1f86 15749072 debug optional frr-dbgsym_10.3-3+deb13u1_amd64.deb 091ac690fa021c095e0904cbd6a36f5a 97364 debug optional frr-rpki-rtrlib-dbgsym_10.3-3+deb13u1_amd64.deb aebd57cbc2ebecb93f6f632ca94a9191 34936 net optional frr-rpki-rtrlib_10.3-3+deb13u1_amd64.deb 73bd79fbc0b801e70e2f4cf7fdc81e0e 308760 debug optional frr-snmp-dbgsym_10.3-3+deb13u1_amd64.deb 3ef4aaf91b53ebfbdc12492826f4d7f4 74616 net optional frr-snmp_10.3-3+deb13u1_amd64.deb e64676d0db699188fff3c1c37af456cf 11210 net optional frr_10.3-3+deb13u1_amd64-buildd.buildinfo 885e8168be955396303a6f88f9a2c4b2 5878232 net optional frr_10.3-3+deb13u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7cQ9mRD4+dWjjrb6PkCWRKsh20cFAmog7N4ACgkQPkCWRKsh 20c1QQ/+MMVMsNj5f5K/ZqtltHs+EA6OHtq4ieGRQnUtO9GUdOW0PB99JwEkl9pT vGTtoyl/3AKWza43y/GI727U95rRdyH5VJzO/sn+yu+h5tMS+Azqf0IyZHPV26S9 b+XZoJeaLOV5cdZa4+3Vea5zQbmL/p2swUK4Xbx+BV1OPGLysIfNeqAje+AEWo4n uun86x2ZnKu1o3bDdUEQW28zj4VKcPP9sIeI7U/qTHqYa3OTLBdW8erLUpmtGYzs Wcyq1JVugHaw85KJ+7bwBny1gewN/2wZtWp4dVdBBzte/s8MAsNnZpGoY5qn+UHB n3+E9GFedZUNSADPiftNzQeEoVhVOAzovcfjTKUPMX5WKp6DQOiIbYvQioO/zkul V1mk5gWCu0t8WajhoOU1N44063mWzXbGJXyb5cBd1HEQDXsNiq+/4EDZIeAfvr2d N2/Ds7uOaB+wrYRS5v139uX6ZzBWhShNjB2YlkkRI57H04XKcLudi9r8O1Ld2kXp FuEz+EfiyQ7ZR5CkkVRUR3JUacOJbAu/iR1PXOyB4Fq6pDs/aXoGPAQDkh3ULpxw w4xGet4bGFPu258RxNHhnQUMoPO7Wbv72a/hy6EqHisDTcg01IP0ke0T/2xPmA90 IK8vpnzwicrqASvVypO6d/3VAdKrByJyHnPTQvW2z/N71VR8w2k= =4mGa -----END PGP SIGNATURE-----