Security update for frr SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0665-1 Final 1 1 2026-02-26T15:16:24Z current 2026-02-26T15:16:24Z 2026-02-26T15:16:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for frr This update for frr fixes the following issues: - CVE-2025-61099: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252838) - CVE-2025-61100: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252829) - CVE-2025-61101: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252833) - CVE-2025-61102: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252835) - CVE-2025-61103: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252810) - CVE-2025-61104: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252811) - CVE-2025-61105: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252761) - CVE-2025-61106: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252812) - CVE-2025-61107: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252813) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-665,SUSE-SLE-Module-Server-Applications-15-SP7-2026-665 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260665-1/ Link for SUSE-SU-2026:0665-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024445.html E-Mail link for SUSE-SU-2026:0665-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1252761 SUSE Bug 1252761 https://bugzilla.suse.com/1252810 SUSE Bug 1252810 https://bugzilla.suse.com/1252811 SUSE Bug 1252811 https://bugzilla.suse.com/1252812 SUSE Bug 1252812 https://bugzilla.suse.com/1252813 SUSE Bug 1252813 https://bugzilla.suse.com/1252829 SUSE Bug 1252829 https://bugzilla.suse.com/1252833 SUSE Bug 1252833 https://bugzilla.suse.com/1252835 SUSE Bug 1252835 https://bugzilla.suse.com/1252838 SUSE Bug 1252838 https://www.suse.com/security/cve/CVE-2025-61099/ SUSE CVE CVE-2025-61099 page https://www.suse.com/security/cve/CVE-2025-61100/ SUSE CVE CVE-2025-61100 page https://www.suse.com/security/cve/CVE-2025-61101/ SUSE CVE CVE-2025-61101 page https://www.suse.com/security/cve/CVE-2025-61102/ SUSE CVE CVE-2025-61102 page https://www.suse.com/security/cve/CVE-2025-61103/ SUSE CVE CVE-2025-61103 page https://www.suse.com/security/cve/CVE-2025-61104/ SUSE CVE CVE-2025-61104 page https://www.suse.com/security/cve/CVE-2025-61105/ SUSE CVE CVE-2025-61105 page https://www.suse.com/security/cve/CVE-2025-61106/ SUSE CVE CVE-2025-61106 page https://www.suse.com/security/cve/CVE-2025-61107/ SUSE CVE CVE-2025-61107 page SUSE Linux Enterprise Module for Server Applications 15 SP7 frr-10.2.1-150700.3.5.1 frr-devel-10.2.1-150700.3.5.1 libfrr0-10.2.1-150700.3.5.1 libfrr_pb0-10.2.1-150700.3.5.1 libfrrcares0-10.2.1-150700.3.5.1 libfrrfpm_pb0-10.2.1-150700.3.5.1 libfrrospfapiclient0-10.2.1-150700.3.5.1 libfrrsnmp0-10.2.1-150700.3.5.1 libfrrzmq0-10.2.1-150700.3.5.1 libmgmt_be_nb0-10.2.1-150700.3.5.1 frr-10.2.1-150700.3.5.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 frr-devel-10.2.1-150700.3.5.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libfrr0-10.2.1-150700.3.5.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libfrr_pb0-10.2.1-150700.3.5.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libfrrcares0-10.2.1-150700.3.5.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libfrrfpm_pb0-10.2.1-150700.3.5.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libfrrospfapiclient0-10.2.1-150700.3.5.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libfrrsnmp0-10.2.1-150700.3.5.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libfrrzmq0-10.2.1-150700.3.5.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libmgmt_be_nb0-10.2.1-150700.3.5.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet. CVE-2025-61099 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-devel-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrcares0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrfpm_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrospfapiclient0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrsnmp0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrzmq0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libmgmt_be_nb0-10.2.1-150700.3.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260665-1/ https://www.suse.com/security/cve/CVE-2025-61099.html CVE-2025-61099 https://bugzilla.suse.com/1252837 SUSE Bug 1252837 FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions. CVE-2025-61100 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-devel-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrcares0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrfpm_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrospfapiclient0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrsnmp0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrzmq0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libmgmt_be_nb0-10.2.1-150700.3.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260665-1/ https://www.suse.com/security/cve/CVE-2025-61100.html CVE-2025-61100 https://bugzilla.suse.com/1252828 SUSE Bug 1252828 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. CVE-2025-61101 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-devel-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrcares0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrfpm_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrospfapiclient0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrsnmp0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrzmq0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libmgmt_be_nb0-10.2.1-150700.3.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260665-1/ https://www.suse.com/security/cve/CVE-2025-61101.html CVE-2025-61101 https://bugzilla.suse.com/1252832 SUSE Bug 1252832 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. CVE-2025-61102 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-devel-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrcares0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrfpm_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrospfapiclient0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrsnmp0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrzmq0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libmgmt_be_nb0-10.2.1-150700.3.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260665-1/ https://www.suse.com/security/cve/CVE-2025-61102.html CVE-2025-61102 https://bugzilla.suse.com/1252834 SUSE Bug 1252834 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. CVE-2025-61103 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-devel-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrcares0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrfpm_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrospfapiclient0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrsnmp0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrzmq0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libmgmt_be_nb0-10.2.1-150700.3.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260665-1/ https://www.suse.com/security/cve/CVE-2025-61103.html CVE-2025-61103 https://bugzilla.suse.com/1252810 SUSE Bug 1252810 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. CVE-2025-61104 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-devel-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrcares0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrfpm_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrospfapiclient0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrsnmp0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrzmq0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libmgmt_be_nb0-10.2.1-150700.3.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260665-1/ https://www.suse.com/security/cve/CVE-2025-61104.html CVE-2025-61104 https://bugzilla.suse.com/1252811 SUSE Bug 1252811 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. CVE-2025-61105 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-devel-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrcares0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrfpm_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrospfapiclient0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrsnmp0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrzmq0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libmgmt_be_nb0-10.2.1-150700.3.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260665-1/ https://www.suse.com/security/cve/CVE-2025-61105.html CVE-2025-61105 https://bugzilla.suse.com/1252760 SUSE Bug 1252760 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. CVE-2025-61106 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-devel-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrcares0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrfpm_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrospfapiclient0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrsnmp0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrzmq0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libmgmt_be_nb0-10.2.1-150700.3.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260665-1/ https://www.suse.com/security/cve/CVE-2025-61106.html CVE-2025-61106 https://bugzilla.suse.com/1252812 SUSE Bug 1252812 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet. CVE-2025-61107 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:frr-devel-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrr_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrcares0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrfpm_pb0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrospfapiclient0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrsnmp0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libfrrzmq0-10.2.1-150700.3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:libmgmt_be_nb0-10.2.1-150700.3.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260665-1/ https://www.suse.com/security/cve/CVE-2025-61107.html CVE-2025-61107 https://bugzilla.suse.com/1252813 SUSE Bug 1252813