Fedora 26: 2017-45625fecca critical: Open vSwitch Network Threats

Open vSwitch provides standard network bridging functions and

support for the OpenFlow protocol for remote per-flow control of

traffic.

Add a symlink of the OCF script in the OCF resources folder ---- Updated to

Open vSwitch 2.7.3 and DPDK 16.11.3 for CVE-2017-14970 ---- Security fix for

CVE-2017-9263, CVE-2017-9265 ---- Updated to Open vSwitch 2.7.1 and DPDK

16.11.2 (#1468234)

[ 1 ] Bug #1497966 - CVE-2017-14970 openvswitch: Multiple memory leaks in lib/ofp-util.c while parsing malformed OpenFlow group mod messages

https://bugzilla.redhat.com/show_bug.cgi?id=1497966

[ 2 ] Bug #1457327 - CVE-2017-9263 openvswitch: Invalid processing of a malicious OpenFlow role status message

https://bugzilla.redhat.com/show_bug.cgi?id=1457327

[ 3 ] Bug #1457335 - CVE-2017-9265 openvswitch: Buffer over-read while parsing the group mod OpenFlow message

https://bugzilla.redhat.com/show_bug.cgi?id=1457335

su -c 'dnf upgrade openvswitch' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org