SUSE-SU-2017:2212-1

Published: 18 Aug 2017
Source: suse-cvrf

Description

Security update for openvswitch

This update for openvswitch fixes the following issues:

  • CVE-2017-9263: OpenFlow role status message can cause a call to abort() leading to application crash (bsc#1041470)

  • CVE-2017-9265: Buffer over-read while parsing a message could lead to a crash or possibly arbitrary code execution (bsc#1041447)

  • Do not restart the ovs-vswitchd and ovsdb-server services on package updates (bsc#1002734)

  • Do not restart the ovs-vswitchd, ovsdb-server and openvswitch services on package removals. This facilitates potential future package moves but also preserves connectivity when the package is removed (bsc#1050896)

Package list

SUSE Linux Enterprise Server 12 SP3
openvswitch-2.7.0-3.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
openvswitch-2.7.0-3.3.1

Description

In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.
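
The failure pattern described above, as an added C example that is not Open vSwitch code: a value read from a peer's message reaches an abort() in a switch default, shown next to a variant that rejects it as bad input. The enum values and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reason codes for this example; not copied from the OvS tree. */
enum role_reason { REASON_CONTROLLER_REQUEST = 0, REASON_CONFIG = 1,
                   REASON_EXPERIMENTER = 2 };

/* Crash-prone pattern: the reason byte comes off the wire, yet any value
 * outside the enum is treated as a "cannot happen" programming error. */
const char *reason_name_abort(uint8_t wire_reason)
{
    switch (wire_reason) {
    case REASON_CONTROLLER_REQUEST: return "controller_request";
    case REASON_CONFIG:             return "configuration_changed";
    case REASON_EXPERIMENTER:       return "experimenter_data_changed";
    default:                        abort();  /* peer-triggerable process exit */
    }
}

/* Hardened pattern: an unknown value is ordinary bad input. Report it to the
 * caller, who can log and drop the message while the daemon keeps running. */
int reason_name_checked(uint8_t wire_reason, const char **name)
{
    static const char *const names[] = {
        "controller_request", "configuration_changed",
        "experimenter_data_changed",
    };
    if (wire_reason >= sizeof names / sizeof names[0]) {
        *name = "(unknown reason)";
        return -1;                 /* caller rejects the message */
    }
    *name = names[wire_reason];
    return 0;
}

int main(void)
{
    const uint8_t constructed[] = { 0, 2, 0x7f };  /* constructed sample bytes */
    for (size_t i = 0; i < sizeof constructed; i++) {
        const char *name;
        int rc = reason_name_checked(constructed[i], &name);
        printf("reason=%u rc=%d %s\n", (unsigned) constructed[i], rc, name);
    }
    return 0;
}
```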


Affected products
SUSE Linux Enterprise Server 12 SP3:openvswitch-2.7.0-3.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3:openvswitch-2.7.0-3.3.1


Description

In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.


Affected products
SUSE Linux Enterprise Server 12 SP3:openvswitch-2.7.0-3.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3:openvswitch-2.7.0-3.3.1
