Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 43 subscribers
  • Views 1486 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FRRouting some new CVEs for <= 9.1

Ben@Network

Hello Sophos,

today we received the information, that FRR has new CVEs:

CVE-2024-31948
CVE-2024-31949
CVE-2024-31950
CVE-2024-31951

All versions <= 9.1 are affected, including version 8.4.2 on the Sophos firewalls. When will the update be provided?

Thanks,

Ben



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to emmosophos

    Here is update on these:

    These 2 - BGP related - 

    CVE-2024-31948 
    CVE-2024-31949

    are tracked under NC-133407 and are planned to be fixed in upcoming SFOS 20.0MR1 release.

    These 2 ( Ospf TE related)
    CVE-2024-31950
    CVE-2024-31951

    These are now tracked under different ticket: NC-133682 and no fix version set for these yet. These CVEs  specific to ospf mpls traffic engineering related - the config for which is not supported on SFOS UI and hence does not directly impact SFOS. (such config is however possible via advanced backend CLIs).

    The open source FRRouting does not have any patch for these available. Dev team will continue to monitor open source fix for this and integrate the patch in SFOS when available.

Unfiltered HTML