Sunday, November 26, 2023

[USN-6514-1] Open vSwitch vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEAPYWTpwtIbr7xH4OWNrRIKaTkWcFAmVj/fAFAwAAAAAACgkQWNrRIKaTkWeD
1BAA4XssRjMw8/pReydlj8q07Cn7A700Pk2w3REcwfPa2RLTyp9ih7kYZn3RzfYfRcaWaJB05tsq
DALabJBpGG+oy6Xmn5d+eQ7ww54nGMqx4yhsh02TRwXjQ5ovDN51ei/t7vBn8aiyuyMEvFoPewWe
B9zR/FjCHFz+w64fR35mVo13nQAOfYYnSg8xRNrM1JYu5DCYtR1yfURPXOpO2Iw2zjNuinoz0qK4
7iGPCCX0SEBBLWwH9llsG2YkhdUPiEDzyTpjLrXP+vhomXFSpsWGWfwWB1LB9eVgkYnVBsLQPMzr
zLc/Y2vm9HGjxnSqmFz/ke4fhY9u0NpHlCw0KtmqayDc7aT1CYOokeVmGIEALNMJDMUywzEY0NPR
RGzHcfuzwdIp77ioDhpeQh0nWxhgIqMDQwyNQiqeT7eDsYdrohl/j0pMM0bgp8b8wuwY136J2u9P
L7DxVWvLlBICnV68tYgIKYLTUryG6GuTNUa2zNFY/zWl2LhVpco7GACHDQuwqxhc2QGf5BoEb6Zt
5j/zuUaBi2D69TgnsD5wMRiTDHtaGTktBTNrmjLjs4Q/Q2kUNH1KlmZvjUCYSg+KDfUBTkT2Eg3g
5R6giGB/RL1XhkE5XmxSmHxlHs5RrufQ0ZMtLySWeXnuQZKzZ17ipgni4qVayvuv55TQZF2V3sDi
YtU=
=A843
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6514-1
November 26, 2023

openvswitch vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Open vSwitch could be made to expose sensitive information over the
network.

Software Description:
- openvswitch: Ethernet virtual switch

Details:

It was discovered that Open vSwitch did not correctly handle OpenFlow
rules for ICMPv6 Neighbour Advertisement packets. A local attacker could
possibly use this issue to redirect traffic to arbitrary IP addresses.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
openvswitch-common 2.13.8-0ubuntu1.3

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
openvswitch-common 2.9.8-0ubuntu0.18.04.5+esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6514-1
CVE-2023-5366

Package Information:
https://launchpad.net/ubuntu/+source/openvswitch/2.13.8-0ubuntu1.3

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)