Security update for openvswitch SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:0479-1 Final 1 1 2021-02-15T09:58:41Z current 2021-02-15T09:58:41Z 2021-02-15T09:58:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openvswitch This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-479,SUSE-OpenStack-Cloud-9-2021-479,SUSE-OpenStack-Cloud-Crowbar-9-2021-479,SUSE-SLE-SAP-12-SP4-2021-479,SUSE-SLE-SERVER-12-SP4-LTSS-2021-479 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20210479-1/ Link for SUSE-SU-2021:0479-1 https://lists.suse.com/pipermail/sle-security-updates/2021-February/008326.html E-Mail link for SUSE-SU-2021:0479-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1181742 SUSE Bug 1181742 https://www.suse.com/security/cve/CVE-2020-35498/ SUSE CVE CVE-2020-35498 page SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 libopenvswitch-2_8-0-2.8.10-4.26.1 openvswitch-2.8.10-4.26.1 openvswitch-devel-2.8.10-4.26.1 openvswitch-doc-2.8.10-4.26.1 openvswitch-ovn-central-2.8.10-4.26.1 openvswitch-ovn-common-2.8.10-4.26.1 openvswitch-ovn-docker-2.8.10-4.26.1 openvswitch-ovn-host-2.8.10-4.26.1 openvswitch-ovn-vtep-2.8.10-4.26.1 openvswitch-pki-2.8.10-4.26.1 openvswitch-test-2.8.10-4.26.1 openvswitch-vtep-2.8.10-4.26.1 python2-ovs-2.8.10-4.26.1 python3-ovs-2.8.10-4.26.1 libopenvswitch-2_8-0-2.8.10-4.26.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS openvswitch-2.8.10-4.26.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libopenvswitch-2_8-0-2.8.10-4.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 openvswitch-2.8.10-4.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libopenvswitch-2_8-0-2.8.10-4.26.1 as a component of SUSE OpenStack Cloud 9 openvswitch-2.8.10-4.26.1 as a component of SUSE OpenStack Cloud 9 libopenvswitch-2_8-0-2.8.10-4.26.1 as a component of SUSE OpenStack Cloud Crowbar 9 openvswitch-2.8.10-4.26.1 as a component of SUSE OpenStack Cloud Crowbar 9 A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. CVE-2020-35498 SUSE Linux Enterprise Server 12 SP4-LTSS:libopenvswitch-2_8-0-2.8.10-4.26.1 SUSE Linux Enterprise Server 12 SP4-LTSS:openvswitch-2.8.10-4.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenvswitch-2_8-0-2.8.10-4.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:openvswitch-2.8.10-4.26.1 SUSE OpenStack Cloud 9:libopenvswitch-2_8-0-2.8.10-4.26.1 SUSE OpenStack Cloud 9:openvswitch-2.8.10-4.26.1 SUSE OpenStack Cloud Crowbar 9:libopenvswitch-2_8-0-2.8.10-4.26.1 SUSE OpenStack Cloud Crowbar 9:openvswitch-2.8.10-4.26.1 important 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210479-1/ https://www.suse.com/security/cve/CVE-2020-35498.html CVE-2020-35498 https://bugzilla.suse.com/1181742 SUSE Bug 1181742