SUSE-SU-2026:22145-1: important: Security update for openvswitch
SLE-UPDATES
null at suse.de
Thu Jun 18 20:30:21 UTC 2026
# Security update for openvswitch
Announcement ID: SUSE-SU-2026:22145-1
Release Date: 2026-06-17T08:39:16Z
Rating: important
References:
* bsc#1261273
* bsc#1262498
* bsc#1262499
Cross-References:
* CVE-2026-34956
* CVE-2026-5265
* CVE-2026-5367
CVSS scores:
* CVE-2026-34956 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34956 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34956 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5265 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-5265 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-5367 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-5367 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected Products:
* SUSE Linux Micro 6.2
An update that solves three vulnerabilities can now be installed.
## Description:
This update for openvswitch fixes the following issues
* CVE-2026-5265: heap over-read in ICMP error response generation
(bsc#1262498).
* CVE-2026-5367: heap over-read in OVN DHCPv6 client ID processing
(bsc#1262499).
* CVE-2026-34956: Invalid memory access in conntrack FTP alg (bsc#1261273).
Changes for openvswitch:
* Update ovn to 25.03.3
* Bug fixes
* Add support for special port_security prefix "VRRPv3". This prefix allows
CMS to allow all required traffic for a VRRPv3 virtual router behind LSP.
See ovn-nb(5) man page for more details.
* Fixed support for fragmented traffic in the userspace datapath. Added the
"acl_ct_translation" NB_Global option to enable connection tracking based L4
field translation for stateful ACLs. When enabled allows proper handling of
IP fragmentation in userspace datapaths. This option may break hardware
offloading and is disabled by default.
* Added disable_garp_rarp option to logical_router table in order to disable
GARP/RARP announcements by all the peer ports of this logical router.
* Update openvswitch to 3.5.4
* Full changelog https://www.openvswitch.org/releases/NEWS-3.5.4.txt
* OVS validated with DPDK 24.11.4.
* Fixed buffer overflow during conntrack processing of alg=ftp in userspace
datapath (CVE-2026-34956) (bsc#1261273).
* Update openvswitch to 3.5.3
* Full changelog https://www.openvswitch.org/releases/NEWS-3.5.3.txt
* Bug fixes
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Micro 6.2
zypper in -t patch SUSE-SL-Micro-6.2-937=1
## Package List:
* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
* python3-openvswitch-debuginfo-3.5.4-160000.4.1
* libopenvswitch-3_5-0-debuginfo-3.5.4-160000.4.1
* openvswitch-3.5.4-160000.4.1
* openvswitch-debuginfo-3.5.4-160000.4.1
* libopenvswitch-3_5-0-3.5.4-160000.4.1
* openvswitch-debugsource-3.5.4-160000.4.1
* python3-openvswitch-3.5.4-160000.4.1
## References:
* https://www.suse.com/security/cve/CVE-2026-34956.html
* https://www.suse.com/security/cve/CVE-2026-5265.html
* https://www.suse.com/security/cve/CVE-2026-5367.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261273
* https://bugzilla.suse.com/show_bug.cgi?id=1262498
* https://bugzilla.suse.com/show_bug.cgi?id=1262499
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260618/1093c61c/attachment.htm>
More information about the sle-updates
mailing list