214 lines
9.1 KiB
JSON
214 lines
9.1 KiB
JSON
{
|
||
"Definition": [
|
||
{
|
||
"ID": "oval:org.altlinux.errata:def:20231806",
|
||
"Version": "oval:org.altlinux.errata:def:20231806",
|
||
"Class": "patch",
|
||
"Metadata": {
|
||
"Title": "ALT-PU-2023-1806: package `openvswitch` update to version 2.17.6-alt1",
|
||
"AffectedList": [
|
||
{
|
||
"Family": "unix",
|
||
"Platforms": [
|
||
"ALT Linux branch p10"
|
||
],
|
||
"Products": [
|
||
"ALT Server",
|
||
"ALT Virtualization Server",
|
||
"ALT Workstation",
|
||
"ALT Workstation K",
|
||
"ALT Education",
|
||
"Simply Linux",
|
||
"Starterkit"
|
||
]
|
||
}
|
||
],
|
||
"References": [
|
||
{
|
||
"RefID": "ALT-PU-2023-1806",
|
||
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-1806",
|
||
"Source": "ALTPU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2023-00290",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2023-00290",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2023-00291",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2023-00291",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "CVE-2019-25076",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25076",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2021-3905",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3905",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2022-4337",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-4337",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2022-4338",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-4338",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2023-1668",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-1668",
|
||
"Source": "CVE"
|
||
}
|
||
],
|
||
"Description": "This update upgrades openvswitch to version 2.17.6-alt1. \nSecurity Fix(es):\n\n * BDU:2023-00290: Уязвимость программного многоуровневого коммутатора Open vSwitch, связанная с потерей значимости целого числа, позволяющая нарушителю выполнить произвольный код в целевой системе\n\n * BDU:2023-00291: Уязвимость программного многоуровневого коммутатора Open vSwitch, связанная с потерей значимости целого числа, позволяющая нарушителю выполнить произвольный код в целевой системе\n\n * CVE-2019-25076: The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.\n\n * CVE-2021-3905: A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.\n\n * CVE-2022-4337: An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.\n\n * CVE-2022-4338: An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.\n\n * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.",
|
||
"Advisory": {
|
||
"From": "errata.altlinux.org",
|
||
"Severity": "Critical",
|
||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||
"Issued": {
|
||
"Date": "2023-05-15"
|
||
},
|
||
"Updated": {
|
||
"Date": "2023-05-15"
|
||
},
|
||
"BDUs": [
|
||
{
|
||
"ID": "BDU:2023-00290",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-125",
|
||
"Href": "https://bdu.fstec.ru/vul/2023-00290",
|
||
"Impact": "Critical",
|
||
"Public": "20230110"
|
||
},
|
||
{
|
||
"ID": "BDU:2023-00291",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-125, CWE-191",
|
||
"Href": "https://bdu.fstec.ru/vul/2023-00291",
|
||
"Impact": "Critical",
|
||
"Public": "20230110"
|
||
}
|
||
],
|
||
"CVEs": [
|
||
{
|
||
"ID": "CVE-2019-25076",
|
||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
|
||
"CWE": "NVD-CWE-noinfo",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25076",
|
||
"Impact": "Low",
|
||
"Public": "20220908"
|
||
},
|
||
{
|
||
"ID": "CVE-2021-3905",
|
||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-401",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3905",
|
||
"Impact": "High",
|
||
"Public": "20220823"
|
||
},
|
||
{
|
||
"ID": "CVE-2022-4337",
|
||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-125",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-4337",
|
||
"Impact": "Critical",
|
||
"Public": "20230110"
|
||
},
|
||
{
|
||
"ID": "CVE-2022-4338",
|
||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-125",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-4338",
|
||
"Impact": "Critical",
|
||
"Public": "20230110"
|
||
},
|
||
{
|
||
"ID": "CVE-2023-1668",
|
||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
|
||
"CWE": "CWE-670",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-1668",
|
||
"Impact": "High",
|
||
"Public": "20230410"
|
||
}
|
||
],
|
||
"AffectedCPEs": {
|
||
"CPEs": [
|
||
"cpe:/o:alt:kworkstation:10",
|
||
"cpe:/o:alt:workstation:10",
|
||
"cpe:/o:alt:server:10",
|
||
"cpe:/o:alt:server-v:10",
|
||
"cpe:/o:alt:education:10",
|
||
"cpe:/o:alt:slinux:10",
|
||
"cpe:/o:alt:starterkit:p10",
|
||
"cpe:/o:alt:kworkstation:10.1",
|
||
"cpe:/o:alt:workstation:10.1",
|
||
"cpe:/o:alt:server:10.1",
|
||
"cpe:/o:alt:server-v:10.1",
|
||
"cpe:/o:alt:education:10.1",
|
||
"cpe:/o:alt:slinux:10.1",
|
||
"cpe:/o:alt:starterkit:10.1",
|
||
"cpe:/o:alt:kworkstation:10.2",
|
||
"cpe:/o:alt:workstation:10.2",
|
||
"cpe:/o:alt:server:10.2",
|
||
"cpe:/o:alt:server-v:10.2",
|
||
"cpe:/o:alt:education:10.2",
|
||
"cpe:/o:alt:slinux:10.2",
|
||
"cpe:/o:alt:starterkit:10.2"
|
||
]
|
||
}
|
||
}
|
||
},
|
||
"Criteria": {
|
||
"Operator": "AND",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:2001",
|
||
"Comment": "ALT Linux must be installed"
|
||
}
|
||
],
|
||
"Criterias": [
|
||
{
|
||
"Operator": "OR",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20231806001",
|
||
"Comment": "libopenvswitch is earlier than 0:2.17.6-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20231806002",
|
||
"Comment": "libopenvswitch-devel is earlier than 0:2.17.6-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20231806003",
|
||
"Comment": "openvswitch is earlier than 0:2.17.6-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20231806004",
|
||
"Comment": "openvswitch-debugtools is earlier than 0:2.17.6-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20231806005",
|
||
"Comment": "openvswitch-ipsec is earlier than 0:2.17.6-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20231806006",
|
||
"Comment": "openvswitch-vtep is earlier than 0:2.17.6-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20231806007",
|
||
"Comment": "python3-module-openvswitch is earlier than 0:2.17.6-alt1"
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|
||
}
|
||
]
|
||
} |