Description
Security update for openvswitch
This update for openvswitch fixes the following issues:
- CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action (bsc#1188524).
- CVE-2022-32166: Fixed an out-of-bounds read in minimask_equal() (bsc#1203865).
Package list
SUSE Linux Enterprise Module for Package Hub 15 SP4
libdpdk-18_11-18.11.9-150100.4.23.1
libopenvswitch-2_11-0-2.11.5-150100.3.18.2
openSUSE Leap 15.4
libdpdk-18_11-18.11.9-150100.4.23.1
libopenvswitch-2_11-0-2.11.5-150100.3.18.2
openvswitch-ovn-central-2.11.5-150100.3.18.2
openvswitch-ovn-common-2.11.5-150100.3.18.2
openvswitch-ovn-docker-2.11.5-150100.3.18.2
openvswitch-ovn-host-2.11.5-150100.3.18.2
openvswitch-ovn-vtep-2.11.5-150100.3.18.2
References
- Link for SUSE-SU-2023:1795-1
- E-Mail link for SUSE-SU-2023:1795-1
- SUSE Security Ratings
- SUSE Bug 1188524
- SUSE Bug 1203865
- SUSE CVE CVE-2021-36980 page
- SUSE CVE CVE-2022-32166 page
Description
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.
Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP4:libdpdk-18_11-18.11.9-150100.4.23.1
SUSE Linux Enterprise Module for Package Hub 15 SP4:libopenvswitch-2_11-0-2.11.5-150100.3.18.2
openSUSE Leap 15.4:libdpdk-18_11-18.11.9-150100.4.23.1
openSUSE Leap 15.4:libopenvswitch-2_11-0-2.11.5-150100.3.18.2
References
- CVE-2021-36980
- SUSE Bug 1188524
- SUSE Bug 1196498
Description
ovs versions v0.90.0 through v2.5.0 are vulnerable to a heap buffer over-read in flow.c. An unsafe comparison function for "minimasks" could lead to access to an unmapped region of memory. This vulnerability can crash the software, modify memory, and possibly allow remote execution.
Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP4:libdpdk-18_11-18.11.9-150100.4.23.1
SUSE Linux Enterprise Module for Package Hub 15 SP4:libopenvswitch-2_11-0-2.11.5-150100.3.18.2
openSUSE Leap 15.4:libdpdk-18_11-18.11.9-150100.4.23.1
openSUSE Leap 15.4:libopenvswitch-2_11-0-2.11.5-150100.3.18.2
References
- CVE-2022-32166
- SUSE Bug 1203865