
openSUSE: 2018:4148-1 Moderate: openvswitch Buffer Overread

December 16, 2018
This openSUSE update resolves moderate-rated vulnerabilities in openvswitch.
An update that fixes three vulnerabilities is now available.

Description

This update for openvswitch to version 2.7.6 fixes the following issues:

These security issues were fixed:

- CVE-2018-17205: Prevent OVS crash when reverting old flows in bundle commit (bsc#1104467).

- CVE-2018-17206: Avoid buffer overread in BUNDLE action decoding (bsc#1104467).

- CVE-2018-17204: When decoding a group mod, it validated the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tried to use the type and command earlier, when it might still be invalid. This caused an assertion failure (via OVS_NOT_REACHED) (bsc#1104467).
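The ordering problem described for CVE-2018-17204, shown as an added example that is not Open vSwitch source code: one decoder uses the command field before validating it, the other validates first. The constant names and values, the 8-byte wire layout, the function names and the sample bytes are all assumptions made for this illustration.

```c
/* Added illustration: simplified model, not Open vSwitch source. Names, values,
 * wire layout and sample bytes are constructed for this example. */
#include <stdint.h>
#include <stdlib.h>

enum { CMD_ADD, CMD_MODIFY, CMD_DELETE, CMD_MAX = CMD_DELETE };
enum { TYPE_ALL, TYPE_SELECT, TYPE_INDIRECT, TYPE_FF, TYPE_MAX = TYPE_FF };
enum { DEC_OK = 0, DEC_BAD_LEN = -1, DEC_BAD_COMMAND = -2, DEC_BAD_TYPE = -3 };
struct group_mod { uint16_t command; uint8_t type; uint32_t group_id; int wants_buckets; };
/* Layout: command (2 bytes, big-endian), type (1), pad (1), group_id (4, big-endian). */
static const uint8_t SAMPLE_OK[8]          = { 0x00, 0x01, 0x01, 0, 0, 0, 0, 0x2a };
static const uint8_t SAMPLE_BAD_COMMAND[8] = { 0x00, 0x09, 0x01, 0, 0, 0, 0, 0x2a };

/* Assumes a validated command; the default branch models a "not reached" assertion. */
static int command_takes_buckets(uint16_t command)
{
    switch (command) {
    case CMD_ADD: case CMD_MODIFY: return 1;
    case CMD_DELETE: return 0;
    default: abort();
    }
}

static void read_fields(const uint8_t *b, struct group_mod *gm)
{
    gm->command = (uint16_t)((b[0] << 8) | b[1]);
    gm->type = b[2];
    gm->group_id = ((uint32_t)b[4] << 24) | ((uint32_t)b[5] << 16) | ((uint32_t)b[6] << 8) | b[7];
}

/* Flawed ordering: the helper runs on a command that nothing has checked yet. */
int decode_use_then_validate(const uint8_t *b, size_t len, struct group_mod *gm)
{
    if (len < 8) return DEC_BAD_LEN;
    read_fields(b, gm);
    gm->wants_buckets = command_takes_buckets(gm->command); /* aborts on bad input */
    if (gm->command > CMD_MAX) return DEC_BAD_COMMAND;      /* too late */
    if (gm->type > TYPE_MAX) return DEC_BAD_TYPE;
    return DEC_OK;
}

/* Corrected ordering: reject malformed fields before any code depends on them. */
int decode_validate_then_use(const uint8_t *b, size_t len, struct group_mod *gm)
{
    if (len < 8) return DEC_BAD_LEN;
    read_fields(b, gm);
    if (gm->command > CMD_MAX) return DEC_BAD_COMMAND;
    if (gm->type > TYPE_MAX) return DEC_BAD_TYPE;
    gm->wants_buckets = command_takes_buckets(gm->command);
    return DEC_OK;
}
```

With the corrected ordering a malformed message produces an error return the caller can handle, instead of terminating the process that decodes it.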

These non-security issues were fixed:

- ofproto/bond: Fix bond reconfiguration race condition.

- ofproto/bond: Fix bond post recirc rule leak.

- ofproto/bond: Fix internal flow leak of tcp-balance bond.

- systemd: Restart openvswitch service if a daemon crashes

- conntrack: Fix checks for TCP, UDP, and IPv6 header sizes.

- ofp-actions: Fix...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1562=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

openvswitch-2.7.6-19.1

openvswitch-debuginfo-2.7.6-19.1

openvswitch-debugsource-2.7.6-19.1

openvswitch-devel-2.7.6-19.1

openvswitch-ovn-central-2.7.6-19.1

openvswitch-ovn-central-debuginfo-2.7.6-19.1

openvswitch-ovn-common-2.7.6-19.1

openvswitch-ovn-common-debuginfo-2.7.6-19.1

openvswitch-ovn-docker-2.7.6-19.1

openvswitch-ovn-host-2.7.6-19.1

openvswitch-ovn-host-debuginfo-2.7.6-19.1

openvswitch-ovn-vtep-2.7.6-19.1

openvswitch-ovn-vtep-debuginfo-2.7.6-19.1

openvswitch-pki-2.7.6-19.1

openvswitch-test-2.7.6-19.1

openvswitch-test-debuginfo-2.7.6-19.1

openvswitch-vtep-2.7.6-19.1

openvswitch-vtep-debuginfo-2.7.6-19.1

python-openvswitch-2.7.6-19.1

python-openvswitch-test-2.7.6-19.1

References

https://www.suse.com/security/cve/CVE-2018-17204.html

https://www.suse.com/security/cve/CVE-2018-17205.html

https://www.suse.com/security/cve/CVE-2018-17206.html

https://bugzilla.suse.com/1104467

--

Announcement ID: openSUSE-SU-2018:4148-1
Rating: moderate
Affected Products: openSUSE Leap 42.3
