FRR vulnerabilities
Published: Wed, 03 Jun 2026 13:15
Summary
Several security issues were fixed in FRR.
Details
It was discovered that FRR incorrectly handled certain OSPF Traffic Engineering and Segment Routing TLVs. An attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. (CVE-2026-28532) It was discovered that FRR incorrectly handled certain BGP FlowSpec components. An attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. (CVE-2026-37457) It was discovered that FRR did not properly validate certain MP_REACH_NLRI messages. An authenticated user could possibly use this issue to cause FRR to crash, resulting in a denial of service. (CVE-2026-37458) It was discovered that FRR incorrectly handled processing certain BGP UPDATE messages. An attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. (CVE-2026-37459)
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu jammy
frr→8.1-1ubuntu1.16apt_upgradeStandard apt upgrade. Install 8.1-1ubuntu1.16 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr→8.1-1ubuntu1.16apt_upgradeStandard apt upgrade. Install 8.1-1ubuntu1.16 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr-doc→8.1-1ubuntu1.16apt_upgradeStandard apt upgrade. Install 8.1-1ubuntu1.16 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr-pythontools→8.1-1ubuntu1.16apt_upgradeStandard apt upgrade. Install 8.1-1ubuntu1.16 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr-pythontools
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr-rpki-rtrlib→8.1-1ubuntu1.16apt_upgradeStandard apt upgrade. Install 8.1-1ubuntu1.16 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr-rpki-rtrlib
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr-snmp→8.1-1ubuntu1.16apt_upgradeStandard apt upgrade. Install 8.1-1ubuntu1.16 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr-snmp
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu noble
frr→8.4.4-1.1ubuntu6.7apt_upgradeStandard apt upgrade. Install 8.4.4-1.1ubuntu6.7 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr→8.4.4-1.1ubuntu6.7apt_upgradeStandard apt upgrade. Install 8.4.4-1.1ubuntu6.7 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr-doc→8.4.4-1.1ubuntu6.7apt_upgradeStandard apt upgrade. Install 8.4.4-1.1ubuntu6.7 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr-pythontools→8.4.4-1.1ubuntu6.7apt_upgradeStandard apt upgrade. Install 8.4.4-1.1ubuntu6.7 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr-pythontools
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr-rpki-rtrlib→8.4.4-1.1ubuntu6.7apt_upgradeStandard apt upgrade. Install 8.4.4-1.1ubuntu6.7 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr-rpki-rtrlib
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr-snmp→8.4.4-1.1ubuntu6.7apt_upgradeStandard apt upgrade. Install 8.4.4-1.1ubuntu6.7 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr-snmp
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu questing
frr→10.4.1-3ubuntu1.4apt_upgradeStandard apt upgrade. Install 10.4.1-3ubuntu1.4 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr→10.4.1-3ubuntu1.4apt_upgradeStandard apt upgrade. Install 10.4.1-3ubuntu1.4 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr-doc→10.4.1-3ubuntu1.4apt_upgradeStandard apt upgrade. Install 10.4.1-3ubuntu1.4 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr-pythontools→10.4.1-3ubuntu1.4apt_upgradeStandard apt upgrade. Install 10.4.1-3ubuntu1.4 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr-pythontools
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr-rpki-rtrlib→10.4.1-3ubuntu1.4apt_upgradeStandard apt upgrade. Install 10.4.1-3ubuntu1.4 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr-rpki-rtrlib
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr-snmp→10.4.1-3ubuntu1.4apt_upgradeStandard apt upgrade. Install 10.4.1-3ubuntu1.4 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr-snmp
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu resolute
frr→10.5.1-1ubuntu4.1apt_upgradeStandard apt upgrade. Install 10.5.1-1ubuntu4.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr→10.5.1-1ubuntu4.1apt_upgradeStandard apt upgrade. Install 10.5.1-1ubuntu4.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr-doc→10.5.1-1ubuntu4.1apt_upgradeStandard apt upgrade. Install 10.5.1-1ubuntu4.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr-pythontools→10.5.1-1ubuntu4.1apt_upgradeStandard apt upgrade. Install 10.5.1-1ubuntu4.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr-pythontools
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr-rpki-rtrlib→10.5.1-1ubuntu4.1apt_upgradeStandard apt upgrade. Install 10.5.1-1ubuntu4.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr-rpki-rtrlib
Most apt upgrades restart their service automatically. needrestart lists anything else.
frr-snmp→10.5.1-1ubuntu4.1apt_upgradeStandard apt upgrade. Install 10.5.1-1ubuntu4.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y frr-snmp
Most apt upgrades restart their service automatically. needrestart lists anything else.
Are YOU affected by USN-8376-1?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8376-1 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.