SUSE-SU-2026:22152-1: important: Security update for openvswitch
SLE-UPDATES
null at suse.de
Tue Jun 23 16:44:18 UTC 2026
# Security update for openvswitch
Announcement ID: SUSE-SU-2026:22152-1
Release Date: 2026-06-17T08:37:36Z
Rating: important
References:
* bsc#1261273
* bsc#1262498
* bsc#1262499
Cross-References:
* CVE-2026-34956
* CVE-2026-5265
* CVE-2026-5367
CVSS scores:
* CVE-2026-34956 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34956 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34956 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5265 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-5265 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-5367 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-5367 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected Products:
* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0
An update that solves three vulnerabilities can now be installed.
## Description:
This update for openvswitch fixes the following issues
* CVE-2026-5265: heap over-read in ICMP error response generation
(bsc#1262498).
* CVE-2026-5367: heap over-read in OVN DHCPv6 client ID processing
(bsc#1262499).
* CVE-2026-34956: Invalid memory access in conntrack FTP alg (bsc#1261273).
Changes for openvswitch:
* Update ovn to 25.03.3
* Bug fixes
* Add support for special port_security prefix "VRRPv3". This prefix allows
CMS to allow all required traffic for a VRRPv3 virtual router behind LSP.
See ovn-nb(5) man page for more details.
* Fixed support for fragmented traffic in the userspace datapath. Added the
"acl_ct_translation" NB_Global option to enable connection tracking based L4
field translation for stateful ACLs. When enabled allows proper handling of
IP fragmentation in userspace datapaths. This option may break hardware
offloading and is disabled by default.
* Added disable_garp_rarp option to logical_router table in order to disable
GARP/RARP announcements by all the peer ports of this logical router.
* Update openvswitch to 3.5.4
* Full changelog https://www.openvswitch.org/releases/NEWS-3.5.4.txt
* OVS validated with DPDK 24.11.4.
* Fixed buffer overflow during conntrack processing of alg=ftp in userspace
datapath (CVE-2026-34956) (bsc#1261273).
* Update openvswitch to 3.5.3
* Full changelog https://www.openvswitch.org/releases/NEWS-3.5.3.txt
* Bug fixes
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP applications 16.0
zypper in -t patch SUSE-SLES-16.0-937=1
* SUSE Linux Enterprise Server 16.0
zypper in -t patch SUSE-SLES-16.0-937=1
## Package List:
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
* ovn-25.03.3-160000.4.1
* ovn-debuginfo-25.03.3-160000.4.1
* openvswitch-pki-3.5.4-160000.4.1
* ovn-host-debuginfo-25.03.3-160000.4.1
* openvswitch-debugsource-3.5.4-160000.4.1
* openvswitch-devel-3.5.4-160000.4.1
* libovn-25_03-0-debuginfo-25.03.3-160000.4.1
* openvswitch-vtep-3.5.4-160000.4.1
* python3-openvswitch-3.5.4-160000.4.1
* python3-openvswitch-debuginfo-3.5.4-160000.4.1
* openvswitch-vtep-debuginfo-3.5.4-160000.4.1
* libopenvswitch-3_5-0-debuginfo-3.5.4-160000.4.1
* openvswitch-ipsec-3.5.4-160000.4.1
* ovn-vtep-25.03.3-160000.4.1
* ovn-vtep-debuginfo-25.03.3-160000.4.1
* openvswitch-3.5.4-160000.4.1
* ovn-devel-25.03.3-160000.4.1
* ovn-docker-25.03.3-160000.4.1
* ovn-central-debuginfo-25.03.3-160000.4.1
* libopenvswitch-3_5-0-3.5.4-160000.4.1
* libovn-25_03-0-25.03.3-160000.4.1
* ovn-host-25.03.3-160000.4.1
* openvswitch-debuginfo-3.5.4-160000.4.1
* ovn-central-25.03.3-160000.4.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
* ovn-doc-25.03.3-160000.4.1
* openvswitch-doc-3.5.4-160000.4.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
* ovn-25.03.3-160000.4.1
* ovn-debuginfo-25.03.3-160000.4.1
* openvswitch-pki-3.5.4-160000.4.1
* ovn-host-debuginfo-25.03.3-160000.4.1
* openvswitch-debugsource-3.5.4-160000.4.1
* openvswitch-devel-3.5.4-160000.4.1
* libovn-25_03-0-debuginfo-25.03.3-160000.4.1
* openvswitch-vtep-3.5.4-160000.4.1
* python3-openvswitch-3.5.4-160000.4.1
* python3-openvswitch-debuginfo-3.5.4-160000.4.1
* openvswitch-vtep-debuginfo-3.5.4-160000.4.1
* libopenvswitch-3_5-0-debuginfo-3.5.4-160000.4.1
* openvswitch-ipsec-3.5.4-160000.4.1
* ovn-vtep-25.03.3-160000.4.1
* ovn-vtep-debuginfo-25.03.3-160000.4.1
* openvswitch-3.5.4-160000.4.1
* ovn-devel-25.03.3-160000.4.1
* ovn-docker-25.03.3-160000.4.1
* ovn-central-debuginfo-25.03.3-160000.4.1
* libopenvswitch-3_5-0-3.5.4-160000.4.1
* libovn-25_03-0-25.03.3-160000.4.1
* ovn-host-25.03.3-160000.4.1
* openvswitch-debuginfo-3.5.4-160000.4.1
* ovn-central-25.03.3-160000.4.1
* SUSE Linux Enterprise Server 16.0 (noarch)
* ovn-doc-25.03.3-160000.4.1
* openvswitch-doc-3.5.4-160000.4.1
## References:
* https://www.suse.com/security/cve/CVE-2026-34956.html
* https://www.suse.com/security/cve/CVE-2026-5265.html
* https://www.suse.com/security/cve/CVE-2026-5367.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261273
* https://bugzilla.suse.com/show_bug.cgi?id=1262498
* https://bugzilla.suse.com/show_bug.cgi?id=1262499
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260623/a95844bb/attachment.htm>
More information about the sle-updates
mailing list