SUSE-SU-2023:2259-1

Опубликовано: 22 мая 2023

Источник: suse-cvrf

Описание

Security update for openvswitch

This update for openvswitch fixes the following issues:

CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580).
CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581).
CVE-2022-32166: Fixed out of bounds read in minimask_equal() (bsc#1203865).

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

openvswitch-2.5.11-25.34.1

openvswitch-dpdk-2.5.11-25.34.1

openvswitch-dpdk-switch-2.5.11-25.34.1

openvswitch-switch-2.5.11-25.34.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232259-1/
Link for SUSE-SU-2023:2259-1
https://lists.suse.com/pipermail/sle-security-updates/2023-May/014933.html
E-Mail link for SUSE-SU-2023:2259-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1203865
SUSE Bug 1203865
https://bugzilla.suse.com/1206580
SUSE Bug 1206580
https://bugzilla.suse.com/1206581
SUSE Bug 1206581
https://www.suse.com/security/cve/CVE-2022-32166/
SUSE CVE CVE-2022-32166 page
https://www.suse.com/security/cve/CVE-2022-4337/
SUSE CVE CVE-2022-4337 page
https://www.suse.com/security/cve/CVE-2022-4338/
SUSE CVE CVE-2022-4338 page

Описание

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of "minimasks" function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:openvswitch-2.5.11-25.34.1

SUSE Linux Enterprise Server 12 SP2-BCL:openvswitch-dpdk-2.5.11-25.34.1

SUSE Linux Enterprise Server 12 SP2-BCL:openvswitch-dpdk-switch-2.5.11-25.34.1

SUSE Linux Enterprise Server 12 SP2-BCL:openvswitch-switch-2.5.11-25.34.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-32166.html
CVE-2022-32166
https://bugzilla.suse.com/1203865
SUSE Bug 1203865

Описание

An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:openvswitch-2.5.11-25.34.1

SUSE Linux Enterprise Server 12 SP2-BCL:openvswitch-dpdk-2.5.11-25.34.1

SUSE Linux Enterprise Server 12 SP2-BCL:openvswitch-dpdk-switch-2.5.11-25.34.1

SUSE Linux Enterprise Server 12 SP2-BCL:openvswitch-switch-2.5.11-25.34.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-4337.html
CVE-2022-4337
https://bugzilla.suse.com/1206581
SUSE Bug 1206581

Описание

An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:openvswitch-2.5.11-25.34.1

SUSE Linux Enterprise Server 12 SP2-BCL:openvswitch-dpdk-2.5.11-25.34.1

SUSE Linux Enterprise Server 12 SP2-BCL:openvswitch-dpdk-switch-2.5.11-25.34.1

SUSE Linux Enterprise Server 12 SP2-BCL:openvswitch-switch-2.5.11-25.34.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-4338.html
CVE-2022-4338
https://bugzilla.suse.com/1206580
SUSE Bug 1206580

SUSE-SU-2023:2259-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

Ссылки

Уязвимость: CVE-2022-32166

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-4337

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-4338

Описание

Затронутые продукты

Ссылки