Security update for openvswitch
| Announcement ID: | SUSE-SU-2023:2250-2 |
|---|---|
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves two vulnerabilities can now be installed.
Description:
This update for openvswitch fixes the following issues:
- CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580).
- CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581).
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-2250=1
Package List:
-
openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
- ovn-host-20.06.2-150400.24.6.1
- python3-ovs-2.14.2-150400.24.6.1
- openvswitch-ipsec-2.14.2-150400.24.6.1
- ovn-devel-20.06.2-150400.24.6.1
- openvswitch-vtep-debuginfo-2.14.2-150400.24.6.1
- ovn-vtep-20.06.2-150400.24.6.1
- ovn-central-debuginfo-20.06.2-150400.24.6.1
- openvswitch-test-2.14.2-150400.24.6.1
- ovn-vtep-debuginfo-20.06.2-150400.24.6.1
- ovn-central-20.06.2-150400.24.6.1
- libovn-20_06-0-20.06.2-150400.24.6.1
- openvswitch-test-debuginfo-2.14.2-150400.24.6.1
- libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.6.1
- openvswitch-debugsource-2.14.2-150400.24.6.1
- openvswitch-2.14.2-150400.24.6.1
- openvswitch-devel-2.14.2-150400.24.6.1
- openvswitch-pki-2.14.2-150400.24.6.1
- ovn-host-debuginfo-20.06.2-150400.24.6.1
- ovn-docker-20.06.2-150400.24.6.1
- ovn-debuginfo-20.06.2-150400.24.6.1
- openvswitch-vtep-2.14.2-150400.24.6.1
- libopenvswitch-2_14-0-2.14.2-150400.24.6.1
- libovn-20_06-0-debuginfo-20.06.2-150400.24.6.1
- ovn-20.06.2-150400.24.6.1
- openvswitch-debuginfo-2.14.2-150400.24.6.1
-
openSUSE Leap 15.5 (noarch)
- openvswitch-doc-2.14.2-150400.24.6.1
- ovn-doc-20.06.2-150400.24.6.1