-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 02 Jun 2026 15:30:27 +0800 Source: frr Binary: frr frr-dbgsym frr-rpki-rtrlib frr-rpki-rtrlib-dbgsym frr-snmp frr-snmp-dbgsym Architecture: armhf Version: 10.3-3+deb13u1 Distribution: trixie-security Urgency: high Maintainer: armhf Build Daemon (arm-ubc-04) Changed-By: Aron Xu Description: frr - FRRouting Internet routing protocol suite frr-rpki-rtrlib - FRRouting Internet routing protocol suite (BGP RPKI support) frr-snmp - FRRouting Internet routing protocol suite (SNMP support) Changes: frr (10.3-3+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * Backport upstream fixes for several BGP/OSPF parsing vulnerabilities: - CVE-2026-37457: off-by-one out-of-bounds write in the BGP FlowSpec operator decoder (bgp_flowspec_op_decode). - CVE-2026-28532: out-of-bounds read in OSPF TE/SR Opaque LSA TLV parsing caused by a truncated uint16_t length accumulator. - CVE-2026-5107: missing length validation when parsing EVPN Type-2/3/4 and ENCAP/VNC NLRIs. - CVE-2026-37458: missing martian next-hop validation in MP_REACH_NLRI. - CVE-2025-61099, CVE-2025-61100, CVE-2025-61101, CVE-2025-61102, CVE-2025-61103, CVE-2025-61104, CVE-2025-61105, CVE-2025-61106, CVE-2025-61107: NULL pointer dereference in ospfd when dumping Opaque LSAs while OSPF packet debugging is enabled. Checksums-Sha1: 7d53b4857c25730aefe9c6daea903b75b4494730 14906092 frr-dbgsym_10.3-3+deb13u1_armhf.deb 98e3e1e28f53af1cea86b421f07a1c56f445bd85 96980 frr-rpki-rtrlib-dbgsym_10.3-3+deb13u1_armhf.deb 3eb7c9b44bcc591725321c4f993d284009de153a 32536 frr-rpki-rtrlib_10.3-3+deb13u1_armhf.deb fe9e5aae3275baae9f0c320896510b450a20fe84 246124 frr-snmp-dbgsym_10.3-3+deb13u1_armhf.deb 9363fad13a46d46b715e636efb4847962fee5b95 65980 frr-snmp_10.3-3+deb13u1_armhf.deb c77e60724c39544fce0bce205354164a4538a9f6 11076 frr_10.3-3+deb13u1_armhf-buildd.buildinfo 952e84a192c4fc801e35500afeb91e2d2893db74 4740604 frr_10.3-3+deb13u1_armhf.deb Checksums-Sha256: 02372f22752458bdb93d04cacc737b52d4e65d54144223bf5f1e85658d840288 14906092 frr-dbgsym_10.3-3+deb13u1_armhf.deb 63cd55367a7a040a290eaa1b59b90cb3fc2ba745b9aa6fb0df33a3d27dd34e82 96980 frr-rpki-rtrlib-dbgsym_10.3-3+deb13u1_armhf.deb 80b2e47398e0bd613aa1e9f1b2444c03d999d88c35844f06518d6be81c3ced61 32536 frr-rpki-rtrlib_10.3-3+deb13u1_armhf.deb 88e07dfdc1217abbd110b704063afd6371544876cddf168af2f3315af0bb4f5d 246124 frr-snmp-dbgsym_10.3-3+deb13u1_armhf.deb 0f0b70b1f4897e5d332cb928d41893f05c747754088d90d3ac15eafdd304a286 65980 frr-snmp_10.3-3+deb13u1_armhf.deb 413fb3c92b912a00aaa27871b76067c90d9d851a66ff15eba2f03eeb53115b73 11076 frr_10.3-3+deb13u1_armhf-buildd.buildinfo 765dbdaf0c297f3a744fa6c836040c1f88ba15db5dd4f79c7819245038061317 4740604 frr_10.3-3+deb13u1_armhf.deb Files: ec84934cb1bafa926eb56bd90f5247b0 14906092 debug optional frr-dbgsym_10.3-3+deb13u1_armhf.deb 55780bfc516360a47e38361b66ca4a8b 96980 debug optional frr-rpki-rtrlib-dbgsym_10.3-3+deb13u1_armhf.deb 9441e5da549a13517eb929bfc681416b 32536 net optional frr-rpki-rtrlib_10.3-3+deb13u1_armhf.deb 6a45492b5a4a56963384cc3551620f3b 246124 debug optional frr-snmp-dbgsym_10.3-3+deb13u1_armhf.deb 0d99c7dfb03ae569d84cca5287721abd 65980 net optional frr-snmp_10.3-3+deb13u1_armhf.deb b98609f715b6842496670189926cfc32 11076 net optional frr_10.3-3+deb13u1_armhf-buildd.buildinfo 1e09ead4af647db315075dc8c7a747bf 4740604 net optional frr_10.3-3+deb13u1_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEECx5fXZYVNP9tMtwlK1PZBedPspoFAmog7NMACgkQK1PZBedP spqAMw/8DztJ2AFpAj8JIQBnDHPLBvaI4vGwaOHnrpCk7HDaNqyADoQbrARMuu2S zEh14kdtJDBP9We8qwI24vDyTvv7oB6NIzlA4u1nNCkTnBfYLrugDwDeCO17Xnjp y/CVsh9dG3aQLjpN9peUhpbsEIu6jtLckYDDALCTjjdSWDGLB+ir7JM3bSRsqTQu 7+UNSXpxMtdX6Evv4Mizchk/9GFadmLEBp/uamAQg6W+MFz+Cz33rqEgMxaQYJnY vkUqsdey3GfIC3Aukx/D7yHS0AYkmlIr1xg6d2bIwg2s1aSDuq5IoQNJ/J3kr1sr 2teNOiJSl/nv3SH+hvo8TTMUnKsOlyso8v0fgeH1fFOywFD2AUQ+u1y7d9Oooiaf tXRS5POmlJRoyKV+GzJeUY+0sQ6pg4aPd3AME5zZDaGswulH6kYBSbvJ7Ry0Mc1d 38lsTjDofrsVDomZYMMpcF0qhxXqRnIkewVWFqvDDJPXyqw0fk8qTDbLkgS5oqtk r5LdUjTnDPuQcHkhdshXp6lMBU0V35c2X1hFn5w3psSxCTHdqqrcxl3tn+rTovaZ npe6BJZd2ep5Hyr68Pu/Gh+b9GExe8McnHikqNWEaFeLebk+h/pJ+tEGW7SxrDV6 LCrNTkpuWJTgX6uAJvTyVBfeWSdFKtn+jKPGAoZj4ZOrgNQkUmA= =uANt -----END PGP SIGNATURE-----