==========================================================================
Ubuntu Security Notice USN-7661-1
July 22, 2025
gobgp vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in GoBGP.
Software Description:
- gobgp: BGP implementation in Go
Details:
It was discovered that GoBGP did not properly manage memory under
certain circumstances, which could lead to a buffer overflow. An
attacker could possibly use this issue to cause a denial of service. This
issue was only addressed in Ubuntu 22.04 LTS and Ubuntu 20.04 LTS.
(CVE-2023-46565)
It was discovered that GoBGP did not properly verify the length of
certain inputs. An attacker could possibly use this issue to cause a
panic resulting in a denial of service.
(CVE-2025-43970, CVE-2025-43971, CVE-2025-43972, CVE-2025-43973)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
gobgpd 3.23.0-1ubuntu0.3+esm2
Available with Ubuntu Pro
golang-github-osrg-gobgp-dev 3.23.0-1ubuntu0.3+esm2
Available with Ubuntu Pro
Ubuntu 22.04 LTS
gobgpd 2.25.0-3ubuntu0.1+esm2
Available with Ubuntu Pro
golang-github-osrg-gobgp-dev 2.25.0-3ubuntu0.1+esm2
Available with Ubuntu Pro
Ubuntu 20.04 LTS
gobgpd 2.12.0-1ubuntu0.1~esm2
Available with Ubuntu Pro
golang-github-osrg-gobgp-dev 2.12.0-1ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
gobgpd 1.29-1ubuntu0.1+esm1
Available with Ubuntu Pro
golang-github-osrg-gobgp-dev 1.29-1ubuntu0.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7661-1
CVE-2023-46565, CVE-2025-43970, CVE-2025-43971, CVE-2025-43972,
CVE-2025-43973
No comments:
Post a Comment