Description
Security update for openvswitch
This update for openvswitch fixes the following issues:
- CVE-2017-9263: OpenFlow role status message can cause a call to abort() leading to application crash (bsc#1041470)
- CVE-2017-9265: Buffer over-read while parsing message could lead to a crash or possibly arbitrary code execution (bsc#1041447)
- Do not restart the ovs-vswitchd and ovsdb-server services on package updates (bsc#1002734)
- Do not restart the ovs-vswitchd, ovsdb-server and openvswitch services on package removals. This facilitates potential future package moves but also preserves connectivity when the package is removed (bsc#1050896)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Package list
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2017:2272-1
- SUSE Security Ratings
Description
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.
Affected products
References
- CVE-2017-9263
- SUSE Bug 1041470
Description
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
Affected products
References
- CVE-2017-9265
- SUSE Bug 1041447