Overview

File _patchinfo of Package patchinfo.30538

<patchinfo incident="30538">
  <issue tracker="cve" id="2023-38802"/>
  <issue tracker="cve" id="2023-41358"/>
  <issue tracker="cve" id="2023-41909"/>
  <issue tracker="bnc" id="1214735">VUL-0: CVE-2023-41358: frr,quagga: bgpd/bgp_packet.c processes NLRIs if the attribute length is zero, which can lead to crash</issue>
  <issue tracker="bnc" id="1213284">VUL-0: CVE-2023-38802: quagga,frr: bad length handling in BGP attribute handling</issue>
  <issue tracker="bnc" id="1215065">VUL-0: CVE-2023-41909: frr: NULL pointer dereference</issue>
  <packager>mtomaschewski</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for frr</summary>
  <description>This update for frr fixes the following issues:

- CVE-2023-38802: Fixed bad length handling when processing BGP attributes. (bsc#1213284)
- CVE-2023-41358: Fixed a possible crash when processing NLRIs with an attribute length of zero. (bsc#1214735)
- CVE-2023-41909: Fixed NULL pointer dereference due to processing in bgp_nlri_parse_flowspec (bsc#1215065).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places