Security update for openvswitch SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:4050-1 Final 1 1 2022-11-17T14:17:24Z current 2022-11-17T14:17:24Z 2022-11-17T14:17:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openvswitch This update for openvswitch fixes the following issues: - CVE-2022-32166: Fixed out of bounds read in minimask_equal() (bsc#1203865). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-4050,SUSE-SLE-SERVER-12-SP5-2022-4050 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20224050-1/ Link for SUSE-SU-2022:4050-1 https://lists.suse.com/pipermail/sle-security-updates/2022-November/012963.html E-Mail link for SUSE-SU-2022:4050-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1203865 SUSE Bug 1203865 https://www.suse.com/security/cve/CVE-2022-32166/ SUSE CVE CVE-2022-32166 page SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 libopenvswitch-2_11-0-2.11.5-3.12.1 openvswitch-2.11.5-3.12.1 openvswitch-devel-2.11.5-3.12.1 openvswitch-doc-2.11.5-3.12.1 openvswitch-ipsec-2.11.5-3.12.1 openvswitch-ovn-central-2.11.5-3.12.1 openvswitch-ovn-common-2.11.5-3.12.1 openvswitch-ovn-docker-2.11.5-3.12.1 openvswitch-ovn-host-2.11.5-3.12.1 openvswitch-ovn-vtep-2.11.5-3.12.1 openvswitch-pki-2.11.5-3.12.1 openvswitch-test-2.11.5-3.12.1 openvswitch-vtep-2.11.5-3.12.1 python2-ovs-2.11.5-3.12.1 python3-ovs-2.11.5-3.12.1 libopenvswitch-2_11-0-2.11.5-3.12.1 as a component of SUSE Linux Enterprise Server 12 SP5 openvswitch-2.11.5-3.12.1 as a component of SUSE Linux Enterprise Server 12 SP5 libopenvswitch-2_11-0-2.11.5-3.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 openvswitch-2.11.5-3.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. CVE-2022-32166 SUSE Linux Enterprise Server 12 SP5:libopenvswitch-2_11-0-2.11.5-3.12.1 SUSE Linux Enterprise Server 12 SP5:openvswitch-2.11.5-3.12.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenvswitch-2_11-0-2.11.5-3.12.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:openvswitch-2.11.5-3.12.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20224050-1/ https://www.suse.com/security/cve/CVE-2022-32166.html CVE-2022-32166 https://bugzilla.suse.com/1203865 SUSE Bug 1203865