This update for openvswitch to version 2.7.6 fixes the following issues:
These security issues were fixed:
- CVE-2018-17205: Prevent OVS crash when reverting old flows in bundle
commit (bsc#1104467).
- CVE-2018-17206: Avoid buffer overread in BUNDLE action decoding
(bsc#1104467).
- CVE-2018-17204:When decoding a group mod, it validated the group type
and command after the whole group mod has been decoded. The OF1.5
decoder, however, tried to use the type and command earlier, when it
might still be invalid. This caused an assertion failure (via
OVS_NOT_REACHED) (bsc#1104467).
These non-security issues were fixed:
- ofproto/bond: Fix bond reconfiguration race condition.
- ofproto/bond: Fix bond post recirc rule leak.
- ofproto/bond: fix interal flow leak of tcp-balance bond
- systemd: Restart openvswitch service if a daemon crashes
- conntrack: Fix checks for TCP, UDP, and IPv6 header sizes.
- ofp-actions: Fix...
Read the Full AdvisoryPatch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1562=1
- openSUSE Leap 42.3 (i586 x86_64):
openvswitch-2.7.6-19.1
openvswitch-debuginfo-2.7.6-19.1
openvswitch-debugsource-2.7.6-19.1
openvswitch-devel-2.7.6-19.1
openvswitch-ovn-central-2.7.6-19.1
openvswitch-ovn-central-debuginfo-2.7.6-19.1
openvswitch-ovn-common-2.7.6-19.1
openvswitch-ovn-common-debuginfo-2.7.6-19.1
openvswitch-ovn-docker-2.7.6-19.1
openvswitch-ovn-host-2.7.6-19.1
openvswitch-ovn-host-debuginfo-2.7.6-19.1
openvswitch-ovn-vtep-2.7.6-19.1
openvswitch-ovn-vtep-debuginfo-2.7.6-19.1
openvswitch-pki-2.7.6-19.1
openvswitch-test-2.7.6-19.1
openvswitch-test-debuginfo-2.7.6-19.1
openvswitch-vtep-2.7.6-19.1
openvswitch-vtep-debuginfo-2.7.6-19.1
python-openvswitch-2.7.6-19.1
python-openvswitch-test-2.7.6-19.1
https://www.suse.com/security/cve/CVE-2018-17204.html
https://www.suse.com/security/cve/CVE-2018-17205.html
https://www.suse.com/security/cve/CVE-2018-17206.html
https://bugzilla.suse.com/1104467
--
Get the latest Linux and open source security news straight to your inbox.