USN-7396-1: OVN vulnerability
31 March 2025
OVN would allow unintended access to the network.
Releases
Packages
- ovn - system to support virtual network abstraction
Details
Marius Berntsberg, Trygve Vea, Tore Anderson, Rodolfo Alonso, Jay Faulkner,
and Brian Haley discovered that OVN incorrectly handled certain crafted UDP
packets. A remote attacker could possibly use this issue to bypass egress
ACL rules.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.10
-
ovn-central
-
24.09.0-1ubuntu0.1
-
ovn-common
-
24.09.0-1ubuntu0.1
-
ovn-docker
-
24.09.0-1ubuntu0.1
-
ovn-host
-
24.09.0-1ubuntu0.1
-
ovn-ic
-
24.09.0-1ubuntu0.1
Ubuntu 24.04
-
ovn-central
-
24.03.2-0ubuntu0.24.04.2
-
ovn-common
-
24.03.2-0ubuntu0.24.04.2
-
ovn-docker
-
24.03.2-0ubuntu0.24.04.2
-
ovn-host
-
24.03.2-0ubuntu0.24.04.2
-
ovn-ic
-
24.03.2-0ubuntu0.24.04.2
Ubuntu 22.04
-
ovn-central
-
22.03.3-0ubuntu0.22.04.5
-
ovn-common
-
22.03.3-0ubuntu0.22.04.5
-
ovn-docker
-
22.03.3-0ubuntu0.22.04.5
-
ovn-host
-
22.03.3-0ubuntu0.22.04.5
-
ovn-ic
-
22.03.3-0ubuntu0.22.04.5
Ubuntu 20.04
-
ovn-central
-
20.03.2-0ubuntu0.20.04.6
-
ovn-common
-
20.03.2-0ubuntu0.20.04.6
-
ovn-docker
-
20.03.2-0ubuntu0.20.04.6
-
ovn-host
-
20.03.2-0ubuntu0.20.04.6
-
ovn-ic
-
20.03.2-0ubuntu0.20.04.6
In general, a standard system update will make all the necessary changes.