Bug 1196498

Summary: network/openvswitch: CVE-2021-36980 use-after-free
Product: [openSUSE] openSUSE Distribution
Reporter: Ferdinand Thiessen <rpm>
Component: Network
Assignee: E-mail List <screening-team-bugs>
Status: RESOLVED DUPLICATE
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P5 - None
CC: jcaamano
Version: Leap 15.4
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Ferdinand Thiessen 2022-02-25 13:22:44 UTC
openvswitch through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.

Recommended fix:
Update to at least 2.16.0 or latest version (2.17.0)

Affected openSUSE versions:
Factory
Leap 15.x (all)

Sources:
CVE: https://nvd.nist.gov/vuln/detail/CVE-2021-36980
Patch: https://github.com/openvswitch/ovs/compare/5704a7f35cf54d74559caf5e2acb54d87a956820...5740843c4404caba7a38e1920fd0ed8a23a84084

Comment 1 Marcus Meissner 2022-02-25 13:25:03 UTC
dup of bug 1188524

*** This bug has been marked as a duplicate of bug 1188524 ***