SUSE-SU-2023:4657-1

Опубликовано: 06 дек. 2023

Источник: suse-cvrf

Описание

Security update for openvswitch3

This update for openvswitch3 fixes the following issues:

CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002).

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP5

libopenvswitch-3_1-0-3.1.0-150500.3.11.1

libovn-23_03-0-23.03.0-150500.3.11.1

openvswitch3-3.1.0-150500.3.11.1

openvswitch3-devel-3.1.0-150500.3.11.1

openvswitch3-ipsec-3.1.0-150500.3.11.1

openvswitch3-pki-3.1.0-150500.3.11.1

openvswitch3-test-3.1.0-150500.3.11.1

openvswitch3-vtep-3.1.0-150500.3.11.1

ovn3-23.03.0-150500.3.11.1

ovn3-central-23.03.0-150500.3.11.1

ovn3-devel-23.03.0-150500.3.11.1

ovn3-docker-23.03.0-150500.3.11.1

ovn3-host-23.03.0-150500.3.11.1

ovn3-vtep-23.03.0-150500.3.11.1

python3-ovs3-3.1.0-150500.3.11.1

openSUSE Leap 15.5

libopenvswitch-3_1-0-3.1.0-150500.3.11.1

libovn-23_03-0-23.03.0-150500.3.11.1

openvswitch3-3.1.0-150500.3.11.1

openvswitch3-devel-3.1.0-150500.3.11.1

openvswitch3-doc-3.1.0-150500.3.11.1

openvswitch3-ipsec-3.1.0-150500.3.11.1

openvswitch3-pki-3.1.0-150500.3.11.1

openvswitch3-test-3.1.0-150500.3.11.1

openvswitch3-vtep-3.1.0-150500.3.11.1

ovn3-23.03.0-150500.3.11.1

ovn3-central-23.03.0-150500.3.11.1

ovn3-devel-23.03.0-150500.3.11.1

ovn3-doc-23.03.0-150500.3.11.1

ovn3-docker-23.03.0-150500.3.11.1

ovn3-host-23.03.0-150500.3.11.1

ovn3-vtep-23.03.0-150500.3.11.1

python3-ovs3-3.1.0-150500.3.11.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20234657-1/
Link for SUSE-SU-2023:4657-1
https://lists.suse.com/pipermail/sle-security-updates/2023-December/017288.html
E-Mail link for SUSE-SU-2023:4657-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1216002
SUSE Bug 1216002
https://www.suse.com/security/cve/CVE-2023-5366/
SUSE CVE CVE-2023-5366 page

Описание

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.

Затронутые продукты

SUSE Linux Enterprise Module for Server Applications 15 SP5:libopenvswitch-3_1-0-3.1.0-150500.3.11.1

SUSE Linux Enterprise Module for Server Applications 15 SP5:libovn-23_03-0-23.03.0-150500.3.11.1

SUSE Linux Enterprise Module for Server Applications 15 SP5:openvswitch3-3.1.0-150500.3.11.1

SUSE Linux Enterprise Module for Server Applications 15 SP5:openvswitch3-devel-3.1.0-150500.3.11.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-5366.html
CVE-2023-5366
https://bugzilla.suse.com/1216002
SUSE Bug 1216002

SUSE-SU-2023:4657-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP5

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2023-5366

Описание

Затронутые продукты

Ссылки