Описание
Security update for openvswitch
This update for openvswitch fixes the following issues:
- CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580).
- CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581).
- CVE-2022-32166: Fixed a out of bounds read in minimask_equal() (bsc#1203865).
- CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action (bsc#1188524).
Список пакетов
SUSE Linux Enterprise Server 12 SP4-ESPOS
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
Ссылки
- Link for SUSE-SU-2023:2360-1
- E-Mail link for SUSE-SU-2023:2360-1
- SUSE Security Ratings
- SUSE Bug 1188524
- SUSE Bug 1203865
- SUSE Bug 1206580
- SUSE Bug 1206581
- SUSE CVE CVE-2021-36980 page
- SUSE CVE CVE-2022-32166 page
- SUSE CVE CVE-2022-4337 page
- SUSE CVE CVE-2022-4338 page
Описание
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.
Затронутые продукты
Ссылки
- CVE-2021-36980
- SUSE Bug 1188524
- SUSE Bug 1196498
Описание
In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of "minimasks" function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
Затронутые продукты
Ссылки
- CVE-2022-32166
- SUSE Bug 1203865
Описание
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
Затронутые продукты
Ссылки
- CVE-2022-4337
- SUSE Bug 1206581
Описание
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
Затронутые продукты
Ссылки
- CVE-2022-4338
- SUSE Bug 1206580