Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FRRouting some new CVEs for <= 9.1

Hello Sophos,

today we received the information, that FRR has new CVEs:

CVE-2024-31948
CVE-2024-31949
CVE-2024-31950
CVE-2024-31951

All versions <= 9.1 are affected, including version 8.4.2 on the Sophos firewalls. When will the update be provided?

Thanks,

Ben



This thread was automatically locked due to age.
Parents
  • Hello Ben,

    Thank you for contacting the Sophos Community.

    This is currently being investigated under NC-133407, no further information has been shared.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Here is update on these:

    These 2 - BGP related - 

    CVE-2024-31948 
    CVE-2024-31949

    are tracked under NC-133407 and are planned to be fixed in upcoming SFOS 20.0MR1 release.

    These 2 ( Ospf TE related)
    CVE-2024-31950
    CVE-2024-31951

    These are now tracked under different ticket: NC-133682 and no fix version set for these yet. These CVEs  specific to ospf mpls traffic engineering related - the config for which is not supported on SFOS UI and hence does not directly impact SFOS. (such config is however possible via advanced backend CLIs).

    The open source FRRouting does not have any patch for these available. Dev team will continue to monitor open source fix for this and integrate the patch in SFOS when available.

Reply
  • Here is update on these:

    These 2 - BGP related - 

    CVE-2024-31948 
    CVE-2024-31949

    are tracked under NC-133407 and are planned to be fixed in upcoming SFOS 20.0MR1 release.

    These 2 ( Ospf TE related)
    CVE-2024-31950
    CVE-2024-31951

    These are now tracked under different ticket: NC-133682 and no fix version set for these yet. These CVEs  specific to ospf mpls traffic engineering related - the config for which is not supported on SFOS UI and hence does not directly impact SFOS. (such config is however possible via advanced backend CLIs).

    The open source FRRouting does not have any patch for these available. Dev team will continue to monitor open source fix for this and integrate the patch in SFOS when available.

Children
No Data