USN-7396-1: OVN vulnerability

USN-7396-1: OVN vulnerability
31 March 2025

OVN would allow unintended access to the network.

Releases
Ubuntu 24.10 Ubuntu 24.04 LTS Ubuntu 22.04 LTS Ubuntu 20.04 LTS

Packages
ovn - system to support virtual network abstraction

Details
Marius Berntsberg, Trygve Vea, Tore Anderson, Rodolfo Alonso, Jay Faulkner,
and Brian Haley discovered that OVN incorrectly handled certain crafted UDP
packets. A remote attacker could possibly use this issue to bypass egress
ACL rules.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.10

• ovn-central - 24.09.0-1ubuntu0.1
• ovn-common - 24.09.0-1ubuntu0.1
• ovn-docker - 24.09.0-1ubuntu0.1
• ovn-host - 24.09.0-1ubuntu0.1
• ovn-ic - 24.09.0-1ubuntu0.1
  Ubuntu 24.04
• ovn-central - 24.03.2-0ubuntu0.24.04.2
• ovn-common - 24.03.2-0ubuntu0.24.04.2
• ovn-docker - 24.03.2-0ubuntu0.24.04.2
• ovn-host - 24.03.2-0ubuntu0.24.04.2
• ovn-ic - 24.03.2-0ubuntu0.24.04.2
  Ubuntu 22.04
• ovn-central - 22.03.3-0ubuntu0.22.04.5
• ovn-common - 22.03.3-0ubuntu0.22.04.5
• ovn-docker - 22.03.3-0ubuntu0.22.04.5
• ovn-host - 22.03.3-0ubuntu0.22.04.5
• ovn-ic - 22.03.3-0ubuntu0.22.04.5
  Ubuntu 20.04
• ovn-central - 20.03.2-0ubuntu0.20.04.6
• ovn-common - 20.03.2-0ubuntu0.20.04.6
• ovn-docker - 20.03.2-0ubuntu0.20.04.6
• ovn-host - 20.03.2-0ubuntu0.20.04.6
• ovn-ic - 20.03.2-0ubuntu0.20.04.6
  In general, a standard system update will make all the necessary changes.