[SECURITY] [DLA 3168-1] openvswitch security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3168-1] openvswitch security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 29 Oct 2022 08:57:38 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2210290854040.5175@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3168-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
October 29, 2022                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : openvswitch
Version        : 2.10.7+ds1-0+deb10u2
CVE ID         : CVE-2022-32166

An issue has been found in openvswitch, a software-based, Ethernetvirtual switch.

This issue is about a heap buffer over-read in flow.c, which could leadto access to an unmapped region of memory. This could result in crashingthe software, memory modification, or possible remote execution.

For Debian 10 buster, this problem has been fixed in version2.10.7+ds1-0+deb10u2.


We recommend that you upgrade your openvswitch packages.

For the detailed security status of openvswitch please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openvswitch

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmNc6wJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdKag//ceEp6nfuZSmcTeA1h4tiS8GhaYDyTy+HI/pgYs84ovjvJJQjtcQltOMz
qzu2LSevOXDwpTsdfGQos2hKbq7ZcYVucjmDOh66O0mW92Dis6ICreQJQ68mfFf+
57TmhyTl4bL21EFfIaNylsB7gEsjyykNGxOWYRDF+hX48zjNlOrFMWVCxSfJwQv9
j7Qc3ytdSwjrAWCF6v0mn7ijkHHjOhERKJ6jUbiUJ2NLi8bIarxWroTpnq8h/q7j
rOxIie+yu6RpgiiAV6XYwJqWCEIKdxCLhANbGLNVNUID7h+UeYNJkZMQhx1fqqPM
LxkKfVjBUdiFNRAp3NWYYDTqB3WJ6eugcfkCJgUWOlgbbGZ0dQVZY1CHYXhzmA6P
IpUE33KvfTYzkXbzYiisWY1U916TO0cbsD0EB76LTt/eRh3xM4nw1y2LyMB5YsQu
pYZAKbtXocCVm/JwOeULX0kOp8TT1doHoWAB8Bw+0GW81UyNqGC9JxwlrhF3DNWN
eJB4eJNeeds11vO2RvoiF7HDRfu6ffanPBmcWzz9E7jcyoQXERDAp2UtBqWCbdl9
wlfHs1o83+Hpd4FEslrXl7tBqfWNtrvoX8ixWRjQMFjZn28vjukgBkNO27gCMNb1
ujiQDDCeLYJRQ6X5f97JIK7uozKx3U9FFMbiyBBdUuxkiCbw37E=
=2XdP
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3164-1] python-django security update
Next by Date: [SECURITY] [DLA 3167-1] ncurses security update
Previous by thread: [SECURITY] [DLA 3164-1] python-django security update
Next by thread: [SECURITY] [DLA 3167-1] ncurses security update
Index(es):
- Date
- Thread