"Multiple versions of Open vSwitch are vulnerable to denial of service attacks in which crafted LLDP packets could cause memory to be lost when allocating data to handle specific optional TLVs. Triggering the vulnerability requires LLDP processing to be enabled for a specific port. Open vSwitch versions before 2.5.x are not vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) previously assigned the identifier CVE-2020-27827 to this issue for the `lldpd` project, and the Open vSwitch project."
this is fixed (2.14.1 added and fast stabled with cleanup)
Waiting for bug 769995.
Package list is empty or all packages have requested keywords.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=6109db58da8356109819f2e31a15acb75bbd5b61 commit 6109db58da8356109819f2e31a15acb75bbd5b61 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-11-26 10:06:58 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2023-11-26 10:07:30 +0000 [ GLSA 202311-16 ] Open vSwitch: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/765346 Bug: https://bugs.gentoo.org/769995 Bug: https://bugs.gentoo.org/803107 Bug: https://bugs.gentoo.org/887561 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202311-16.xml | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+)