-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 02 Jun 2026 15:30:27 +0800 Source: frr Binary: frr frr-dbgsym frr-rpki-rtrlib frr-rpki-rtrlib-dbgsym frr-snmp frr-snmp-dbgsym Architecture: s390x Version: 10.3-3+deb13u1 Distribution: trixie-security Urgency: high Maintainer: s390x Build Daemon (zani) Changed-By: Aron Xu Description: frr - FRRouting Internet routing protocol suite frr-rpki-rtrlib - FRRouting Internet routing protocol suite (BGP RPKI support) frr-snmp - FRRouting Internet routing protocol suite (SNMP support) Changes: frr (10.3-3+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * Backport upstream fixes for several BGP/OSPF parsing vulnerabilities: - CVE-2026-37457: off-by-one out-of-bounds write in the BGP FlowSpec operator decoder (bgp_flowspec_op_decode). - CVE-2026-28532: out-of-bounds read in OSPF TE/SR Opaque LSA TLV parsing caused by a truncated uint16_t length accumulator. - CVE-2026-5107: missing length validation when parsing EVPN Type-2/3/4 and ENCAP/VNC NLRIs. - CVE-2026-37458: missing martian next-hop validation in MP_REACH_NLRI. - CVE-2025-61099, CVE-2025-61100, CVE-2025-61101, CVE-2025-61102, CVE-2025-61103, CVE-2025-61104, CVE-2025-61105, CVE-2025-61106, CVE-2025-61107: NULL pointer dereference in ospfd when dumping Opaque LSAs while OSPF packet debugging is enabled. Checksums-Sha1: d648649cbeb57f231b87589b4e64744a1fc2130f 14814036 frr-dbgsym_10.3-3+deb13u1_s390x.deb 46e7c95c80338571198ed462340e9e86fdcdcafa 94708 frr-rpki-rtrlib-dbgsym_10.3-3+deb13u1_s390x.deb 86da9c3db67e7f8ffa850b9195202bd7d38119e6 33928 frr-rpki-rtrlib_10.3-3+deb13u1_s390x.deb 0cdb43be7cb5f93360b1860d5190180ab79ce1fb 248496 frr-snmp-dbgsym_10.3-3+deb13u1_s390x.deb fbc7b40fdcf125451697f8a04402e3df92c5e52a 73168 frr-snmp_10.3-3+deb13u1_s390x.deb 48a6ae2b1af809a96dbf06761351316422bd5c5d 11072 frr_10.3-3+deb13u1_s390x-buildd.buildinfo 0a628c973edab1636e267517700d4284547eb8b0 5615504 frr_10.3-3+deb13u1_s390x.deb Checksums-Sha256: 02823af64dd6c643a540dda0d6c806ae6956282d9c97b1936d275fd6c417d60a 14814036 frr-dbgsym_10.3-3+deb13u1_s390x.deb 31f38b463030cc7661d3b835ef5fd84efe6174618af0ea9a37d9e5375d56342b 94708 frr-rpki-rtrlib-dbgsym_10.3-3+deb13u1_s390x.deb 7ae6cb6de57f7ae83f4e0a10a6d9c708942e93b80671ae52e93961575a1374be 33928 frr-rpki-rtrlib_10.3-3+deb13u1_s390x.deb 23c84cab4dc12d4e4fa2f93d544ee895e8f19766b13d44674965f30c65084fa3 248496 frr-snmp-dbgsym_10.3-3+deb13u1_s390x.deb e49c9915d67280b852b12128fe78d6336da4e33c4d91438044bf4278d49522cf 73168 frr-snmp_10.3-3+deb13u1_s390x.deb 9e7f52d3c8b16bb69a577983e8f889856bb60f01952c0e7b1b21b4bc2e9acd0f 11072 frr_10.3-3+deb13u1_s390x-buildd.buildinfo fc6f88e0d575edb046eeb42e0b83fac90b41cc5ee08c1820746f5dffaa0c94b0 5615504 frr_10.3-3+deb13u1_s390x.deb Files: 9fa0c28f0b3bd49e0109ae85da10ccee 14814036 debug optional frr-dbgsym_10.3-3+deb13u1_s390x.deb a09e92fb753d9825879a1bb417d0c332 94708 debug optional frr-rpki-rtrlib-dbgsym_10.3-3+deb13u1_s390x.deb eed496046fe61036e8e013c3777fbc09 33928 net optional frr-rpki-rtrlib_10.3-3+deb13u1_s390x.deb c97e94b53133d176dd1d274427efd6ce 248496 debug optional frr-snmp-dbgsym_10.3-3+deb13u1_s390x.deb a32e3aad63cf5bf15b1a58473ac7b68f 73168 net optional frr-snmp_10.3-3+deb13u1_s390x.deb 62f66f244e8abebfada29b4ef078e220 11072 net optional frr_10.3-3+deb13u1_s390x-buildd.buildinfo f1b017a5e1ce9c06dcfcf30e2e8a5b79 5615504 net optional frr_10.3-3+deb13u1_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEgh4msZ+e2PZfd5KckaCrxAR3BY0FAmog7QIACgkQkaCrxAR3 BY0MkQ//c42sQgUk8osBJ3f1hncgfm6RsfekM9Xwm8YNIRtzg6bfukhx7JY5JTQm frBd2EnQyJR0ekIJ7U4V/+jkJTU7yU8T0O4KyCAJVFk9O7mG/IpVTD95yMXGDudn KE5U8tJ8y9l3cR8SBVfjf/KjiJoNUnpItfPSwaBzA/UyvDu3VK6LXdfVDEhPVuQL 6el4IcH1yQfgUOtE3yv8nRBgXci2B61MYro0F5uAgS01w6kRu7TVmKLNwb/ueClY zDeLslknJtrg7kZWj9YAq9wagwULS5PXbL4Lut9dB1/93BEVHrLqZzJfEO8nD0TG N6icutd9yXF8fwJnqDoqH32HqIUCHasdvvyTpZcYi6qD+/SZA9mnlOEL5m+oJhFz 1eiJlXLnuCde5j6Qc3dRDYXkqkXn3fi3B0ivdLmX92YYIR7BDbZIidfO2n7PA7Y6 oIXTWUIAdFadL+sPx5vpYdJzgyP7oVhWqv+a/6He97DBpuVrKyYcbioxRyMD4glB MxcNlU2D6FSnHXto5QAdq9YFfW5mZOsQlTxgel4ozN60Bi0Gy8r3L42pTbH9ytgL 5gNBIA24wA0irJpyDAz+jwFrAQ1tG0srt3cNHDJqFpSEPZ9Ji/FVZL7Jt3ugvWVu yBNISru7MQQz7gdYJcf9CJnzIkN9+f+l6dpBRm5dYM7jJOFMVa8= =2iO6 -----END PGP SIGNATURE-----