RedHat: RHSA-2022-7268:01 Important: Red Hat OpenStack Platform 13.0
Summary
Security Fix(es):
* DoS when a Vhost header crosses more than two descriptors and exhausts
all mbufs (CVE-2022-2132)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Summary
Solution
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2022-2132 https://access.redhat.com/security/updates/classification/#important
Package List
Red Hat OpenStack Platform 13.0 - ELS:
Source:
openvswitch2.11-2.11.3-96.2.el7fdp.src.rpm
ppc64le:
openvswitch2.11-2.11.3-96.2.el7fdp.ppc64le.rpm
openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.ppc64le.rpm
openvswitch2.11-devel-2.11.3-96.2.el7fdp.ppc64le.rpm
python-openvswitch2.11-2.11.3-96.2.el7fdp.ppc64le.rpm
x86_64:
openvswitch2.11-2.11.3-96.2.el7fdp.x86_64.rpm
openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.x86_64.rpm
openvswitch2.11-devel-2.11.3-96.2.el7fdp.x86_64.rpm
python-openvswitch2.11-2.11.3-96.2.el7fdp.x86_64.rpm
Red Hat OpenStack Platform 13.0 - ELS:
noarch:
openvswitch2.11-test-2.11.3-96.2.el7fdp.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for openvswitch2.11 is now available for Red Hat OpenStackPlatform 13 (Queens).Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat OpenStack Platform 13.0 - ELS - noarch, ppc64le, x86_64
Bugs Fixed
2099475 - CVE-2022-2132 dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs