Security update for openvswitch
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2017:2272-1
Final
1
1
2017-08-28T10:04:50Z
current
2017-08-28T10:04:50Z
2017-08-28T10:04:50Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
This update for openvswitch fixes the following issues:
- CVE-2017-9263: OpenFlow role status message can cause a call to abort() leading to application crash (bsc#1041470)
- CVE-2017-9265: Buffer over-read while parsing message could lead to crash or maybe arbitrary code execution (bsc#1041447)
- Do not restart the ovs-vswitchd and ovsdb-server services on package updates (bsc#1002734)
- Do not restart the ovs-vswitchd, ovsdb-server and openvswitch services on package removals. This facilitates potential future package moves but also preserves connectivity when the package is removed (bsc#1050896)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://lists.opensuse.org/opensuse-updates/2017-08/msg00103.html
E-Mail link for openSUSE-SU-2017:2272-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE Leap 42.3
openvswitch-2.7.0-4.1
openvswitch-devel-2.7.0-4.1
openvswitch-ovn-central-2.7.0-4.1
openvswitch-ovn-common-2.7.0-4.1
openvswitch-ovn-docker-2.7.0-4.1
openvswitch-ovn-host-2.7.0-4.1
openvswitch-ovn-vtep-2.7.0-4.1
openvswitch-pki-2.7.0-4.1
openvswitch-test-2.7.0-4.1
openvswitch-vtep-2.7.0-4.1
python-openvswitch-2.7.0-4.1
python-openvswitch-test-2.7.0-4.1
openvswitch-2.7.0-4.1 as a component of openSUSE Leap 42.3
openvswitch-devel-2.7.0-4.1 as a component of openSUSE Leap 42.3
openvswitch-ovn-central-2.7.0-4.1 as a component of openSUSE Leap 42.3
openvswitch-ovn-common-2.7.0-4.1 as a component of openSUSE Leap 42.3
openvswitch-ovn-docker-2.7.0-4.1 as a component of openSUSE Leap 42.3
openvswitch-ovn-host-2.7.0-4.1 as a component of openSUSE Leap 42.3
openvswitch-ovn-vtep-2.7.0-4.1 as a component of openSUSE Leap 42.3
openvswitch-pki-2.7.0-4.1 as a component of openSUSE Leap 42.3
openvswitch-test-2.7.0-4.1 as a component of openSUSE Leap 42.3
openvswitch-vtep-2.7.0-4.1 as a component of openSUSE Leap 42.3
python-openvswitch-2.7.0-4.1 as a component of openSUSE Leap 42.3
python-openvswitch-test-2.7.0-4.1 as a component of openSUSE Leap 42.3
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.
CVE-2017-9263
openSUSE Leap 42.3:openvswitch-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-devel-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-ovn-central-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-ovn-common-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-ovn-docker-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-ovn-host-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-ovn-vtep-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-pki-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-test-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-vtep-2.7.0-4.1
openSUSE Leap 42.3:python-openvswitch-2.7.0-4.1
openSUSE Leap 42.3:python-openvswitch-test-2.7.0-4.1
moderate
4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Please install the update.
https://lists.opensuse.org/opensuse-updates/2017-08/msg00103.html
https://www.suse.com/security/cve/CVE-2017-9263.html
CVE-2017-9263
https://bugzilla.suse.com/1041470
SUSE Bug 1041470
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
CVE-2017-9265
openSUSE Leap 42.3:openvswitch-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-devel-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-ovn-central-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-ovn-common-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-ovn-docker-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-ovn-host-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-ovn-vtep-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-pki-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-test-2.7.0-4.1
openSUSE Leap 42.3:openvswitch-vtep-2.7.0-4.1
openSUSE Leap 42.3:python-openvswitch-2.7.0-4.1
openSUSE Leap 42.3:python-openvswitch-test-2.7.0-4.1
moderate
5.8
AV:N/AC:M/Au:N/C:P/I:N/A:P
Please install the update.
https://lists.opensuse.org/opensuse-updates/2017-08/msg00103.html
https://www.suse.com/security/cve/CVE-2017-9265.html
CVE-2017-9265
https://bugzilla.suse.com/1041447
SUSE Bug 1041447