UbuntuUpdates.org

Package "openvswitch-switch"

Name: openvswitch-switch

Description:

Open vSwitch switch implementations

Latest version: 2.9.8-0ubuntu0.18.04.5
Release: bionic (18.04)
Level: updates
Repository: main
Head package: openvswitch
Homepage: http://openvswitch.org/

Other versions of "openvswitch-switch" in Bionic

Repository Area Version
base main 2.9.0-0ubuntu1
security main 2.9.8-0ubuntu0.18.04.5

Changelog

Version: 2.9.8-0ubuntu0.18.04.5 2023-05-10 15:07:12 UTC

  openvswitch (2.9.8-0ubuntu0.18.04.5) bionic-security; urgency=medium

  * SECURITY UPDATE: remote traffic denial of service via crafted packets
    with IP proto 0
    - debian/patches/CVE-2023-1668.patch: Always mask ip proto field in
      include/openvswitch/meta-flow.h, lib/meta-flow.c,
      ofproto/ofproto-dpif-xlate.c, tests/ofproto-dpif.at,
      tests/packet-type-aware.at.
    - CVE-2023-1668

 -- Marc Deslauriers <email address hidden> Wed, 12 Apr 2023 15:03:23 -0400

CVE-2023-1668 A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying

Version: 2.9.8-0ubuntu0.18.04.4 2023-02-27 15:06:55 UTC

  openvswitch (2.9.8-0ubuntu0.18.04.4) bionic-security; urgency=medium

  * SECURITY UPDATE: issues in Organization Specific TLV
    - debian/patches/CVE-2022-433x.patch: fix bugs when parsing malformed
      AutoAttach in lib/lldp/lldp.c, tests/ofproto-dpif.at.
    - CVE-2022-4337
    - CVE-2022-4338

 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2023 08:56:54 -0500

CVE-2022-4337 An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
CVE-2022-4338 An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.

Version: 2.9.8-0ubuntu0.18.04.3 2022-10-25 14:07:13 UTC

  openvswitch (2.9.8-0ubuntu0.18.04.3) bionic-security; urgency=medium

  * SECURITY UPDATE: heap buffer over-read
    - debian/patches/CVE-2022-32166.patch: avoid unsafe comparison of
      minimasks in lib/flow.c.
    - CVE-2022-32166

 -- Marc Deslauriers <email address hidden> Wed, 05 Oct 2022 11:18:00 -0400

CVE-2022-32166 In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead acc

Version: 2.9.8-0ubuntu0.18.04.2 2021-02-10 17:06:23 UTC

  openvswitch (2.9.8-0ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: packet parsing vulnerability
    - debian/patches/CVE-2020-35498.patch: support extra padding length in
      lib/conntrack.c, lib/dp-packet.h, lib/flow.c, tests/classifier.at.
    - CVE-2020-35498

 -- Marc Deslauriers <email address hidden> Thu, 28 Jan 2021 14:49:10 -0500

CVE-2020-35498 RESERVED

Version: 2.9.7-0ubuntu0.18.04.2 2021-01-13 20:06:25 UTC

  openvswitch (2.9.7-0ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow decoding malformed packets in lldp
    - debian/patches/CVE-2015-8011.patch: check lengths in lib/lldp/lldp.c.
    - CVE-2015-8011
  * SECURITY UPDATE: Externally triggered memory leak in lldp
    - debian/patches/CVE-2020-27827.patch: properly free memory in
      lib/lldp/lldp.c.
    - CVE-2020-27827

 -- Marc Deslauriers <email address hidden> Fri, 08 Jan 2021 07:30:25 -0500

CVE-2015-8011 Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (da
CVE-2020-27827 RESERVED


