Format: 1.8
Date: Tue, 02 Jun 2026 15:30:27 +0800
Source: frr
Binary: frr frr-dbgsym frr-rpki-rtrlib frr-rpki-rtrlib-dbgsym frr-snmp frr-snmp-dbgsym
Architecture: i386
Version: 10.3-3+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-ubc-02)
Changed-By: Aron Xu
Description:
 frr - FRRouting Internet routing protocol suite
 frr-rpki-rtrlib - FRRouting Internet routing protocol suite (BGP RPKI support)
 frr-snmp - FRRouting Internet routing protocol suite (SNMP support)
Changes:
 frr (10.3-3+deb13u1) trixie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Backport upstream fixes for several BGP/OSPF parsing vulnerabilities:
     - CVE-2026-37457: off-by-one out-of-bounds write in the BGP FlowSpec
       operator decoder (bgp_flowspec_op_decode).
     - CVE-2026-28532: out-of-bounds read in OSPF TE/SR Opaque LSA TLV
       parsing caused by a truncated uint16_t length accumulator.
     - CVE-2026-5107: missing length validation when parsing EVPN
       Type-2/3/4 and ENCAP/VNC NLRIs.
     - CVE-2026-37458: missing martian next-hop validation in
       MP_REACH_NLRI.
     - CVE-2025-61099, CVE-2025-61100, CVE-2025-61101, CVE-2025-61102,
       CVE-2025-61103, CVE-2025-61104, CVE-2025-61105, CVE-2025-61106,
       CVE-2025-61107: NULL pointer dereference in ospfd when dumping
       Opaque LSAs while OSPF packet debugging is enabled.