{"id":5284,"date":"2026-05-26T15:07:40","date_gmt":"2026-05-26T13:07:40","guid":{"rendered":"https:\/\/yaook.cloud\/?page_id=5284"},"modified":"2026-05-28T12:25:59","modified_gmt":"2026-05-28T10:25:59","slug":"security-advisories-cve-2026-5265-5367","status":"publish","type":"page","link":"https:\/\/yaook.cloud\/en\/security-advisories-cve-2026-5265-5367\/","title":{"rendered":"security-advisories\/cve-2026-5265-5367"},"content":{"rendered":"<div data-elementor-type=\"wp-page\" data-elementor-id=\"5284\" class=\"elementor elementor-5284\" data-elementor-post-type=\"page\">\n\t\t\t\t<div class=\"elementor-element elementor-element-56e0628 e-flex e-con-boxed e-con e-parent\" data-id=\"56e0628\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-050bc69 elementor-widget elementor-widget-text-editor\" data-id=\"050bc69\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h1>YAOOK Security Advisory for CVE-2026-5265 and CVE-2026-5367<\/h1><ul><li>Date: 2026-05-26<\/li><li>Upstream advisories: <a href=\"https:\/\/mail.openvswitch.org\/pipermail\/ovs-announce\/2026-April\/000394.html\">https:\/\/mail.openvswitch.org\/pipermail\/ovs-announce\/2026-April\/000394.html<\/a> and <a href=\"https:\/\/mail.openvswitch.org\/pipermail\/ovs-announce\/2026-April\/000395.html\">https:\/\/mail.openvswitch.org\/pipermail\/ovs-announce\/2026-April\/000395.html<\/a><\/li><\/ul><h2>What is CVE-2026-5265 and how does it affect YAOOK?<\/h2><p>If OVN generates ICMP error messages (for whatever reason), the ICMP packet contains<br \/>parts of the packet that triggered the error. 
Users can trick OVN into reading up to 576 bytes past the original<br \/>packet.<\/p><p>You can generally assume your cluster is affected by this.<\/p><h2>What is CVE-2026-5367 and how does it affect YAOOK?<\/h2><p>If OVN handles DHCPv6 and provides DHCPv6 options to users, an attacker can trick<br \/>OVN into reading memory outside of the original packet.<\/p><p>Only ports that have <code>dhcpv6_options<\/code> set on the logical switch port (LSP) are affected.<\/p><h2>Is my cluster vulnerable?<\/h2><p>The following images are vulnerable:<\/p><ul><li>OVN images before 1.0.153<\/li><li>YAOOK releases before v2.3.0 (&lt;=v2.2.0)<\/li><\/ul><p>If any of these images are used in your cluster, the cluster is vulnerable.<\/p><h2>Upgrading<\/h2><p>A new stable release will be published according to the release cycle.<br \/>You can upgrade to that release simply by updating your operators.<\/p><p>If you want to upgrade in advance, you can pin your OVN image to<br \/>v24.09.3-1.0.153 in the neutron-operator:<\/p><p><code>values:<br \/>\u00a0 operator:<br \/>\u00a0 \u00a0 extraEnv:<br \/>\u00a0 \u00a0 - name: YAOOK_OP_VERSIONS_OVERRIDE<br \/>\u00a0 \u00a0 \u00a0 value: |<br \/>\u00a0 \u00a0 \u00a0 \u00a0\u00a0<span class=\"line\" data-lang=\"yaml\"><span class=\"na\">registry.yaook.cloud\/yaook\/ovn<\/span><span class=\"pi\">:<\/span><\/span>\u00a0<span class=\"line\" data-lang=\"yaml\"><span class=\"na\">registry.yaook.cloud\/yaook\/ovn<\/span><span class=\"pi\">:<\/span>v24.09.3-1.0.153<\/span><\/code><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>YAOOK Security Advisory for CVE-2026-5265 and CVE-2026-5367 Date: 2026-05-26 Upstream advisory: https:\/\/mail.openvswitch.org\/pipermail\/ovs-announce\/2026-April\/000394.html and https:\/\/mail.openvswitch.org\/pipermail\/ovs-announce\/2026-April\/000395.html What is CVE-2026-5265 and how does it affect YAOOK? 
If OVN generates ICMP error messages (for whatever reason), the ICMP packet contains parts of the packet that triggered the error. Users can trick OVN into reading up to 576 bytes past the original packet. [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-5284","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>security-advisories\/cve-2026-5265-5367 &#187; Yaook<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/yaook.cloud\/en\/security-advisories-cve-2026-5265-5367\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"security-advisories\/cve-2026-5265-5367 &#187; Yaook\" \/>\n<meta property=\"og:description\" content=\"YAOOK Security Advisory for CVE-2026-5265 and CVE-2026-5367 Date: 2026-05-26 Upstream advisory: https:\/\/mail.openvswitch.org\/pipermail\/ovs-announce\/2026-April\/000394.html and https:\/\/mail.openvswitch.org\/pipermail\/ovs-announce\/2026-April\/000395.html What is CVE-2026-5265 and how does it affect YAOOK? If OVN generates ICMP error messages (for whatever reason), the ICMP packet contains parts of the packet that triggered the error. Users can trick OVN into reading up to 576 bytes past the original packet. 
[&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/yaook.cloud\/en\/security-advisories-cve-2026-5265-5367\/\" \/>\n<meta property=\"og:site_name\" content=\"Yaook\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-28T10:25:59+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/yaook.cloud\\\/security-advisories-cve-2026-5265-5367\\\/\",\"url\":\"https:\\\/\\\/yaook.cloud\\\/security-advisories-cve-2026-5265-5367\\\/\",\"name\":\"security-advisories\\\/cve-2026-5265-5367 &#187; Yaook\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#website\"},\"datePublished\":\"2026-05-26T13:07:40+00:00\",\"dateModified\":\"2026-05-28T10:25:59+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/yaook.cloud\\\/security-advisories-cve-2026-5265-5367\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/yaook.cloud\\\/security-advisories-cve-2026-5265-5367\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/yaook.cloud\\\/security-advisories-cve-2026-5265-5367\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/yaook.cloud\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"security-advisories\\\/cve-2026-5265-5367\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#website\",\"url\":\"https:\\\/\\\/yaook.cloud\\\/\",\"name\":\"Yaook\",\"description\":\"The Lifecycle Management Tool for 
OpenStack\",\"publisher\":{\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/yaook.cloud\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#organization\",\"name\":\"ALASCA e.V.\",\"alternateName\":\"Alasca - Verband f\u00fcr betriebsf\u00e4hige, offene Cloud-Infrastrukturen e.V.\",\"url\":\"https:\\\/\\\/yaook.cloud\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/alasca.cloud\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/favicon.png\",\"contentUrl\":\"https:\\\/\\\/alasca.cloud\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/favicon.png\",\"width\":512,\"height\":512,\"caption\":\"ALASCA e.V.\"},\"image\":{\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"security-advisories\/cve-2026-5265-5367 \u00bb Yaook","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/yaook.cloud\/en\/security-advisories-cve-2026-5265-5367\/","og_locale":"en_GB","og_type":"article","og_title":"security-advisories\/cve-2026-5265-5367 &#187; Yaook","og_description":"YAOOK Security Advisory for CVE-2026-5265 and CVE-2026-5367 Date: 2026-05-26 Upstream advisory: https:\/\/mail.openvswitch.org\/pipermail\/ovs-announce\/2026-April\/000394.html and https:\/\/mail.openvswitch.org\/pipermail\/ovs-announce\/2026-April\/000395.html What is CVE-2026-5265 and how does it affect YAOOK? 
If OVN generates ICMP error messages (for whatever reason), the ICMP packet contains parts of the packet that triggered the error. Users can trick OVN into reading up to 576 bytes past the original packet. [&hellip;]","og_url":"https:\/\/yaook.cloud\/en\/security-advisories-cve-2026-5265-5367\/","og_site_name":"Yaook","article_modified_time":"2026-05-28T10:25:59+00:00","twitter_card":"summary_large_image","twitter_misc":{"Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/yaook.cloud\/security-advisories-cve-2026-5265-5367\/","url":"https:\/\/yaook.cloud\/security-advisories-cve-2026-5265-5367\/","name":"security-advisories\/cve-2026-5265-5367 \u00bb Yaook","isPartOf":{"@id":"https:\/\/yaook.cloud\/#website"},"datePublished":"2026-05-26T13:07:40+00:00","dateModified":"2026-05-28T10:25:59+00:00","breadcrumb":{"@id":"https:\/\/yaook.cloud\/security-advisories-cve-2026-5265-5367\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/yaook.cloud\/security-advisories-cve-2026-5265-5367\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/yaook.cloud\/security-advisories-cve-2026-5265-5367\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/yaook.cloud\/"},{"@type":"ListItem","position":2,"name":"security-advisories\/cve-2026-5265-5367"}]},{"@type":"WebSite","@id":"https:\/\/yaook.cloud\/#website","url":"https:\/\/yaook.cloud\/","name":"Yaook","description":"The Lifecycle Management Tool for OpenStack","publisher":{"@id":"https:\/\/yaook.cloud\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/yaook.cloud\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/yaook.cloud\/#organization","name":"ALASCA 
e.V.","alternateName":"Alasca - Verband f\u00fcr betriebsf\u00e4hige, offene Cloud-Infrastrukturen e.V.","url":"https:\/\/yaook.cloud\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/yaook.cloud\/#\/schema\/logo\/image\/","url":"https:\/\/alasca.cloud\/wp-content\/uploads\/2022\/08\/favicon.png","contentUrl":"https:\/\/alasca.cloud\/wp-content\/uploads\/2022\/08\/favicon.png","width":512,"height":512,"caption":"ALASCA e.V."},"image":{"@id":"https:\/\/yaook.cloud\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/pages\/5284","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/comments?post=5284"}],"version-history":[{"count":22,"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/pages\/5284\/revisions"}],"predecessor-version":[{"id":5335,"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/pages\/5284\/revisions\/5335"}],"wp:attachment":[{"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/media?parent=5284"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}