Описание
Security update for openvswitch
This update for openvswitch fixes the following issues:
- CVE-2022-32166: Fixed out of bounds read in minimask_equal() (bsc#1203865).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
libopenvswitch-2_11-0-2.11.5-3.12.1
openvswitch-2.11.5-3.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libopenvswitch-2_11-0-2.11.5-3.12.1
openvswitch-2.11.5-3.12.1
Ссылки
- Link for SUSE-SU-2022:4050-1
- E-Mail link for SUSE-SU-2022:4050-1
- SUSE Security Ratings
- SUSE Bug 1203865
- SUSE CVE CVE-2022-32166 page
Описание
In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of "minimasks" function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libopenvswitch-2_11-0-2.11.5-3.12.1
SUSE Linux Enterprise Server 12 SP5:openvswitch-2.11.5-3.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenvswitch-2_11-0-2.11.5-3.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:openvswitch-2.11.5-3.12.1
Ссылки
- CVE-2022-32166
- SUSE Bug 1203865