Headline
Ubuntu Security Notice USN-5698-2
Ubuntu Security Notice 5698-2 - USN-5698-1 fixed a vulnerability in Open. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that Open vSwitch incorrectly handled comparison of certain minimasks. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.
=========================================================================Ubuntu Security Notice USN-5698-2October 25, 2022openvswitch vulnerability=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESMSummary:Open vSwitch could be made to crash or run programs if it receivedspecially crafted network traffic.Software Description:- openvswitch: Ethernet virtual switchDetails:USN-5698-1 fixed a vulnerability in Open. This update providesthe corresponding update for Ubuntu 16.04 ESM.Original advisory details: It was discovered that Open vSwitch incorrectly handled comparison of certain minimasks. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM: openvswitch-common 2.5.9-0ubuntu0.16.04.3+esm1In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-5698-2 https://ubuntu.com/security/notices/USN-5698-1 CVE-2022-32166
Related news
Ubuntu Security Notice 5698-1 - It was discovered that Open vSwitch incorrectly handled comparison of certain minimasks. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.
In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.