Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:2274-1

Опубликовано: 23 мая 2023
Источник: suse-cvrf

Описание

Security update for openvswitch

This update for openvswitch fixes the following issues:

  • CVE-2023-1668: Fixed remote traffic denial of service via crafted packets with IP proto 0 (bsc#1210054).
  • CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580).
  • CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581).

Список пакетов

SUSE Enterprise Storage 7
libopenvswitch-2_13-0-2.13.2-150200.9.22.1
libovn-20_03-0-20.03.1-150200.9.22.1
openvswitch-2.13.2-150200.9.22.1
openvswitch-devel-2.13.2-150200.9.22.1
openvswitch-ipsec-2.13.2-150200.9.22.1
openvswitch-pki-2.13.2-150200.9.22.1
openvswitch-test-2.13.2-150200.9.22.1
openvswitch-vtep-2.13.2-150200.9.22.1
ovn-20.03.1-150200.9.22.1
ovn-central-20.03.1-150200.9.22.1
ovn-devel-20.03.1-150200.9.22.1
ovn-docker-20.03.1-150200.9.22.1
ovn-host-20.03.1-150200.9.22.1
ovn-vtep-20.03.1-150200.9.22.1
python3-ovs-2.13.2-150200.9.22.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libopenvswitch-2_13-0-2.13.2-150200.9.22.1
libovn-20_03-0-20.03.1-150200.9.22.1
openvswitch-2.13.2-150200.9.22.1
openvswitch-devel-2.13.2-150200.9.22.1
openvswitch-ipsec-2.13.2-150200.9.22.1
openvswitch-pki-2.13.2-150200.9.22.1
openvswitch-test-2.13.2-150200.9.22.1
openvswitch-vtep-2.13.2-150200.9.22.1
ovn-20.03.1-150200.9.22.1
ovn-central-20.03.1-150200.9.22.1
ovn-devel-20.03.1-150200.9.22.1
ovn-docker-20.03.1-150200.9.22.1
ovn-host-20.03.1-150200.9.22.1
ovn-vtep-20.03.1-150200.9.22.1
python3-ovs-2.13.2-150200.9.22.1
SUSE Linux Enterprise Server 15 SP2-LTSS
libopenvswitch-2_13-0-2.13.2-150200.9.22.1
libovn-20_03-0-20.03.1-150200.9.22.1
openvswitch-2.13.2-150200.9.22.1
openvswitch-devel-2.13.2-150200.9.22.1
openvswitch-ipsec-2.13.2-150200.9.22.1
openvswitch-pki-2.13.2-150200.9.22.1
openvswitch-test-2.13.2-150200.9.22.1
openvswitch-vtep-2.13.2-150200.9.22.1
ovn-20.03.1-150200.9.22.1
ovn-central-20.03.1-150200.9.22.1
ovn-devel-20.03.1-150200.9.22.1
ovn-docker-20.03.1-150200.9.22.1
ovn-host-20.03.1-150200.9.22.1
ovn-vtep-20.03.1-150200.9.22.1
python3-ovs-2.13.2-150200.9.22.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libopenvswitch-2_13-0-2.13.2-150200.9.22.1
libovn-20_03-0-20.03.1-150200.9.22.1
openvswitch-2.13.2-150200.9.22.1
openvswitch-devel-2.13.2-150200.9.22.1
openvswitch-ipsec-2.13.2-150200.9.22.1
openvswitch-pki-2.13.2-150200.9.22.1
openvswitch-test-2.13.2-150200.9.22.1
openvswitch-vtep-2.13.2-150200.9.22.1
ovn-20.03.1-150200.9.22.1
ovn-central-20.03.1-150200.9.22.1
ovn-devel-20.03.1-150200.9.22.1
ovn-docker-20.03.1-150200.9.22.1
ovn-host-20.03.1-150200.9.22.1
ovn-vtep-20.03.1-150200.9.22.1
python3-ovs-2.13.2-150200.9.22.1
openSUSE Leap 15.4
libopenvswitch-2_13-0-2.13.2-150200.9.22.1
libovn-20_03-0-20.03.1-150200.9.22.1

Ссылки

Описание

An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.

Затронутые продукты
SUSE Enterprise Storage 7:libopenvswitch-2_13-0-2.13.2-150200.9.22.1
SUSE Enterprise Storage 7:libovn-20_03-0-20.03.1-150200.9.22.1
SUSE Enterprise Storage 7:openvswitch-2.13.2-150200.9.22.1
SUSE Enterprise Storage 7:openvswitch-devel-2.13.2-150200.9.22.1
Ссылки

Описание

An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.

Затронутые продукты
SUSE Enterprise Storage 7:libopenvswitch-2_13-0-2.13.2-150200.9.22.1
SUSE Enterprise Storage 7:libovn-20_03-0-20.03.1-150200.9.22.1
SUSE Enterprise Storage 7:openvswitch-2.13.2-150200.9.22.1
SUSE Enterprise Storage 7:openvswitch-devel-2.13.2-150200.9.22.1
Ссылки

Описание

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.

Затронутые продукты
SUSE Enterprise Storage 7:libopenvswitch-2_13-0-2.13.2-150200.9.22.1
SUSE Enterprise Storage 7:libovn-20_03-0-20.03.1-150200.9.22.1
SUSE Enterprise Storage 7:openvswitch-2.13.2-150200.9.22.1
SUSE Enterprise Storage 7:openvswitch-devel-2.13.2-150200.9.22.1
Ссылки
Уязвимость SUSE-SU-2023:2274-1