Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 414
Alerts This Week
Warning Icon 1 414

SUSE: 2017:2212-1 Important: Openvswitch Crash and Execution Risk

suse
Calendar Grey August 18, 2017
Dist Suse Esm H88
SUSE Security Patch for openvswitch mitigates severe vulnerabilities and includes update guidance for impacted installations.
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes ...

Summary

This update for openvswitch fixes the following issues: - CVE-2017-9263: OpenFlow role status message can cause a call to abort() leading to application crash (bsc#1041470) - CVE-2017-9265: Buffer over-read while parsing message could lead to crash or maybe arbitrary code execution (bsc#1041447) - Do not restart the ovs-vswitchd and ovsdb-server services on package updates (bsc#1002734) - Do not restart the ovs-vswitchd, ovsdb-server and openvswitch services on package removals. This facilitates potential future package moves but also preserves connectivity when the package is removed (bsc#1050896) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3:

References

#1002734 #1041447 #1041470 #1050896

Cross- CVE-2017-9263 CVE-2017-9265

Affected Products:

SUSE Linux Enterprise Server 12-SP3

https://www.suse.com/security/cve/CVE-2017-9263.html

https://www.suse.com/security/cve/CVE-2017-9265.html

https://bugzilla.suse.com/1002734

https://bugzilla.suse.com/1041447

https://bugzilla.suse.com/1041470

https://bugzilla.suse.com/1050896

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:2212-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.