-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 02 Jun 2026 15:30:27 +0800 Source: frr Binary: frr frr-dbgsym frr-rpki-rtrlib frr-rpki-rtrlib-dbgsym frr-snmp frr-snmp-dbgsym Architecture: arm64 Version: 10.3-3+deb13u1 Distribution: trixie-security Urgency: high Maintainer: arm64 Build Daemon (arm-conova-03) Changed-By: Aron Xu Description: frr - FRRouting Internet routing protocol suite frr-rpki-rtrlib - FRRouting Internet routing protocol suite (BGP RPKI support) frr-snmp - FRRouting Internet routing protocol suite (SNMP support) Changes: frr (10.3-3+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * Backport upstream fixes for several BGP/OSPF parsing vulnerabilities: - CVE-2026-37457: off-by-one out-of-bounds write in the BGP FlowSpec operator decoder (bgp_flowspec_op_decode). - CVE-2026-28532: out-of-bounds read in OSPF TE/SR Opaque LSA TLV parsing caused by a truncated uint16_t length accumulator. - CVE-2026-5107: missing length validation when parsing EVPN Type-2/3/4 and ENCAP/VNC NLRIs. - CVE-2026-37458: missing martian next-hop validation in MP_REACH_NLRI. - CVE-2025-61099, CVE-2025-61100, CVE-2025-61101, CVE-2025-61102, CVE-2025-61103, CVE-2025-61104, CVE-2025-61105, CVE-2025-61106, CVE-2025-61107: NULL pointer dereference in ospfd when dumping Opaque LSAs while OSPF packet debugging is enabled. Checksums-Sha1: f2c1a8578ac368851e5f83de08ee9ca2acbf1f13 15702292 frr-dbgsym_10.3-3+deb13u1_arm64.deb 65b14dfc06b2b1567358ceb0066e38e8c84fd71f 97172 frr-rpki-rtrlib-dbgsym_10.3-3+deb13u1_arm64.deb eedbdcd20ade33bc7a19c59961580e1c5e2cc719 34796 frr-rpki-rtrlib_10.3-3+deb13u1_arm64.deb 49e452c41c405ac73ea2118465d3db2576b99ee1 303984 frr-snmp-dbgsym_10.3-3+deb13u1_arm64.deb 7c2b7db3078957ddc49dbd04be145db7e730977b 69928 frr-snmp_10.3-3+deb13u1_arm64.deb 1be37cf6be99b741d99a4350b531700a194887e8 11194 frr_10.3-3+deb13u1_arm64-buildd.buildinfo cc1bfa7d532399a09aa357a8536505f118958b1a 5674892 frr_10.3-3+deb13u1_arm64.deb Checksums-Sha256: 53f7b7a118935d75b5e553e821b4309d230d4b2613be6901ba8fe81729676ee4 15702292 frr-dbgsym_10.3-3+deb13u1_arm64.deb 8afd71709bfdccf5444efd8e9864b56a0bc5e30f09e4414b6e1e46f5e2b422d6 97172 frr-rpki-rtrlib-dbgsym_10.3-3+deb13u1_arm64.deb 123e96a89ff243d13042bf3c18b869c5e9b389fbc2beab00fc8d3f8f2bf706cf 34796 frr-rpki-rtrlib_10.3-3+deb13u1_arm64.deb 496d3fb31aa0f5d4256fa195e82f8949824ecdacda79a2e150171a67832d9987 303984 frr-snmp-dbgsym_10.3-3+deb13u1_arm64.deb 740dc89eafa7823d792b98effd4fc373b5920bf15d01cb5cb29db78e05dbc4d4 69928 frr-snmp_10.3-3+deb13u1_arm64.deb 2af7d9c21d27d7f17e352c447112e89ed248d444e508347eeed43d63ecfadaa2 11194 frr_10.3-3+deb13u1_arm64-buildd.buildinfo 30ba856741d7f79a08a90ba54dd09abd509d05d8e63f31d98ef7c6a1f7cd8ca7 5674892 frr_10.3-3+deb13u1_arm64.deb Files: fc5cdc6a214be2c1d6095d438f0d79a5 15702292 debug optional frr-dbgsym_10.3-3+deb13u1_arm64.deb 6a59ee56cb7ee398c045022a3c2059f0 97172 debug optional frr-rpki-rtrlib-dbgsym_10.3-3+deb13u1_arm64.deb a28bc7c75a13556219252345a42d935e 34796 net optional frr-rpki-rtrlib_10.3-3+deb13u1_arm64.deb 1357e4c500434603799f8802d68f8ccd 303984 debug optional frr-snmp-dbgsym_10.3-3+deb13u1_arm64.deb 7f526ac38267ffe105d42cb087357cc1 69928 net optional frr-snmp_10.3-3+deb13u1_arm64.deb 1a10f75fc3088ef85bc533804dc8d2b8 11194 net optional frr_10.3-3+deb13u1_arm64-buildd.buildinfo 1a0ea2d922899c3896fc2282884add54 5674892 net optional frr_10.3-3+deb13u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEElFiH1oZRZh1t4FSiXVp1sEH/1mIFAmog7MkACgkQXVp1sEH/ 1mIr1Q//RkDh8hBCno0RkrbMKvT4KF7vMuECqnPEk6fV42aNhAdZ7Zf64tpvyzfg bqFLekWCp2frs9bMrzjQaPImNu1HET80cE40f+yt+lmf01q2PZDkfYi5/cCoF/Lg Q3Q3s5l7E7Jrz6+fll2rkoQSZNtDzk3JzU6/keSG5/yjBVdicysN2VEOw5gktBHy ySapK7JwKUcqdTmGP/SJ78MVjWr26j/6vbebbBuWROp7Q4YlpxIrNx6LeOz0jhqU hDzyZqsbdYgFRNfaalFc7oQnrn1ujelQOtQ7w+LpWLWCspo/m9ynohM2dTVRwRoD WCDaoCMclR5fW8b+v+9sDpxq5Z3Vooin03Xs41NlrGY0R/Ev1q8ny2XbU+uF46p/ U24TPLUMhc3iWJw+o71v/9zID4Fvr8NNO4N0NbW4aNlM+9u/eLOJnIVcke2AdrAI eiDSl9usV2V8hDVcrSfpnuUCsE6qfRkjbbPR4+N1ArdYcTrgqQp62DAfKqy07NCr afmaqZ7+9tnwPpsNYgUvLWtHakwiVKGIJSYkc0z9g/vzW6SAhYvm/OekHdMRIIEY avAkBg2q2bUfaUa8AP1vPtxAzfL8rgXp4rqq4u0V7x8bLLXT75qvUIvksrsWZxrL lZYZIHUUCyV+br22g6FCCbvAPb8XQPZ0d2bsvyz0mtndQMD6ypw= =aMlo -----END PGP SIGNATURE-----