File _patchinfo of Package patchinfo.30538
<patchinfo incident="30538">
<issue tracker="cve" id="2023-38802"/>
<issue tracker="cve" id="2023-41358"/>
<issue tracker="cve" id="2023-41909"/>
<issue tracker="bnc" id="1214735">VUL-0: CVE-2023-41358: frr,quagga: bgpd/bgp_packet.c processes NLRIs if the attribute length is zero, which can lead to crash</issue>
<issue tracker="bnc" id="1213284">VUL-0: CVE-2023-38802: quagga,frr: bad length handling in BGP attribute handling</issue>
<issue tracker="bnc" id="1215065">VUL-0: CVE-2023-41909: frr: NULL pointer dereference</issue>
<packager>mtomaschewski</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for frr</summary>
<description>This update for frr fixes the following issues:
- CVE-2023-38802: Fixed bad length handling when processing BGP attributes. (bsc#1213284)
- CVE-2023-41358: Fixed a possible crash when processing NLRIs with an attribute length of zero. (bsc#1214735)
- CVE-2023-41909: Fixed NULL pointer dereference due to processing in bgp_nlri_parse_flowspec (bsc#1215065).
</description>
</patchinfo>