File _patchinfo of Package patchinfo.30434

<patchinfo incident="30434">
  <issue tracker="cve" id="2023-38802"/>
  <issue tracker="cve" id="2023-3748"/>
  <issue tracker="cve" id="2023-41360"/>
  <issue tracker="cve" id="2023-41358"/>
  <issue tracker="cve" id="2023-41909"/>
  <issue tracker="bnc" id="1213434">VUL-0: CVE-2023-3748: frr: Infinite loop in babeld message parsing may cause DoS</issue>
  <issue tracker="bnc" id="1213284">VUL-0: CVE-2023-38802: quagga,frr: bad length handling in BGP attribute handling</issue>
  <issue tracker="bnc" id="1214735">VUL-0: CVE-2023-41358: frr,quagga: bgpd/bgp_packet.c processes NLRIs if the attribute length is zero, which can lead to crash</issue>
  <issue tracker="bnc" id="1214739">VUL-0: CVE-2023-41360: frr,quagga: bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation</issue>
  <issue tracker="bnc" id="1215065">VUL-0: CVE-2023-41909: frr: NULL pointer dereference</issue>
  <packager>mtomaschewski</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for frr</summary>
  <description>This update for frr fixes the following issues:

- CVE-2023-38802: Fixed bad length handling in BGP attribute handling (bsc#1213284).
- CVE-2023-41358: Fixed crash in bgpd/bgp_packet.c (bsc#1214735).
- CVE-2023-41360: Fixed out-of-bounds read in bgpd/bgp_packet.c (bsc#1214739).
- CVE-2023-3748: Fixed infinite loop in babeld message parsing that may cause DoS (bsc#1213434).
- CVE-2023-41909: Fixed NULL pointer dereference due to processing in bgp_nlri_parse_flowspec (bsc#1215065).
</description>
</patchinfo>