| Summary: | <net-misc/openvswitch-2.7.2: multiple vulnerabilities (CVE-2016-10377,CVE-2017-{9263,9264,9265}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | dev-zero |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B3 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
CVE numbers for the issues. Please add to alias CVE-2016-10377 CVE-2017-9263 CVE-2017-9264 CVE-2017-9265

CVE-2016-10377 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10377): In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.

CVE-2017-9263 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9263): In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.

CVE-2017-9264 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9264): In `lib/conntrack.c` in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.

CVE-2017-9265 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9265): In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.

I cleaned up as much as I could (neutron needs a 2.6 to remain around), but removed all others, 2.7.2 has all the fixes/patches mentioned here and was fast stabilized (low delta at that).

removing self from cc, feel free to re-add if additional work is needed

tree is clean now.
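The bug class named in the CVE-2016-10377 description above (an unsigned integer underflow that leads to a read past the packet buffer), as an added illustration. It is not Open vSwitch code and does not reproduce `miniflow_extract`; the function names and sample packets are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP_HEADER_MIN 20u   /* IPv4 header without options */

/* Unsafe: subtracts two packet-supplied lengths without ordering them. */
static int ipv4_l4_len_unsafe(const uint8_t *pkt, size_t size, size_t *l4_len)
{
    if (size < IP_HEADER_MIN) return -1;
    size_t ip_len  = (size_t)(pkt[0] & 0x0f) * 4;     /* IHL field, in bytes */
    size_t tot_len = ((size_t)pkt[2] << 8) | pkt[3];  /* total length field  */
    if (ip_len < IP_HEADER_MIN || ip_len > size) return -1;
    if (tot_len > size) return -1;
    *l4_len = tot_len - ip_len;   /* wraps to a huge value if tot_len < ip_len */
    return 0;
}

/* Hardened: every length is ordered against the others before subtracting. */
static int ipv4_l4_len_checked(const uint8_t *pkt, size_t size, size_t *l4_len)
{
    if (size < IP_HEADER_MIN) return -1;
    size_t ip_len  = (size_t)(pkt[0] & 0x0f) * 4;
    size_t tot_len = ((size_t)pkt[2] << 8) | pkt[3];
    if (ip_len < IP_HEADER_MIN || ip_len > size) return -1;
    if (tot_len < ip_len || tot_len > size) return -1;  /* the missing check */
    *l4_len = tot_len - ip_len;
    return 0;
}

/* Constructed sample: 20-byte header whose total-length field claims 8 bytes. */
static const uint8_t SAMPLE_BAD[20]  = { 0x45, 0, 0x00, 0x08 };
/* Constructed sample: 20-byte header plus 4 payload bytes, total length 24. */
static const uint8_t SAMPLE_GOOD[24] = { 0x45, 0, 0x00, 0x18 };

int main(void)
{
    size_t n = 0;
    int rc = ipv4_l4_len_unsafe(SAMPLE_BAD, sizeof SAMPLE_BAD, &n);
    printf("unsafe : rc=%d l4_len=%zu\n", rc, n);   /* accepted, length wrapped */
    rc = ipv4_l4_len_checked(SAMPLE_BAD, sizeof SAMPLE_BAD, &n);
    printf("checked: rc=%d\n", rc);                 /* rejected */
    return 0;
}
```

Any later bounds check or copy that trusts the wrapped `l4_len` operates on a length far larger than the buffer, which is how a length underflow turns into an over-read.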