Description
Security update for openvswitch
This update for openvswitch fixes the following issues:
Update to v3.1.7:
- CVE-2023-3966: openvswitch, openvswitch3: Invalid memory access in Geneve with HW offload (bsc#1219465).
- CVE-2024-2182: openvswitch: ov: insufficient validation of incoming BFD packets may lead to denial of service (bsc#1255435).
- CVE-2023-1668: openvswitch: remote traffic denial of service via crafted packets with IP proto 0 (bsc#1210054).
- CVE-2023-3153: openvswitch,openvswitch3: service monitor MAC flow is not rate limited (bsc#1212125).
- CVE-2023-5366: openvswitch: missing masks on a final stage with ports trie (bsc#1216002).
Package list
SUSE Linux Enterprise Server 15 SP6-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP6
openSUSE Leap 15.6
References
- Link for SUSE-SU-2026:0280-1
- E-Mail link for SUSE-SU-2026:0280-1
- SUSE Security Ratings
- SUSE Bug 1210054
- SUSE Bug 1212125
- SUSE Bug 1216002
- SUSE Bug 1219465
- SUSE Bug 1255435
- SUSE CVE CVE-2023-1668 page
- SUSE CVE CVE-2023-3152 page
- SUSE CVE CVE-2023-3153 page
- SUSE CVE CVE-2023-3966 page
- SUSE CVE CVE-2023-5366 page
- SUSE CVE CVE-2024-2182 page
- SUSE CVE CVE-2025-0650 page
Description
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. For both the kernel and userspace datapaths, this results in a datapath flow that matches all IP protocols (nw_proto is wildcarded) but carries an incorrect action, possibly causing incorrect handling of other IP packets with a non-zero IP protocol that match this dp flow.
Affected products
References
- CVE-2023-1668
- SUSE Bug 1210054
Description
A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\posts\view_post.php. The manipulation leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231021 was assigned to this vulnerability.
Affected products
References
- CVE-2023-3152
Description
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.
Affected products
References
- CVE-2023-3153
- SUSE Bug 1212125
Description
A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.
Affected products
References
- CVE-2023-3966
- SUSE Bug 1219465
Description
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
Affected products
References
- CVE-2023-5366
- SUSE Bug 1216002
Description
A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.
Affected products
References
- CVE-2024-2182
- SUSE Bug 1255435
Description
A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.
Affected products
References
- CVE-2025-0650
- SUSE Bug 1236353