From https://bugzilla.redhat.com/show_bug.cgi?id=1457335:
In Open vSwitch there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
References: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html

From https://bugzilla.redhat.com/show_bug.cgi?id=1457329:
In `lib/conntrack.c` in the firewall implementation in Open vSwitch, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.
References: https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html

From https://bugzilla.redhat.com/show_bug.cgi?id=1457327:
In Open vSwitch while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.
References: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html

From https://bugzilla.redhat.com/show_bug.cgi?id=1457325:
In Open vSwitch a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.
References: https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE numbers for the issues. Please add to alias CVE-2016-10377 CVE-2017-9263 CVE-2017-9264 CVE-2017-9265
CVE-2016-10377 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10377):
In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.

CVE-2017-9263 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9263):
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.

CVE-2017-9264 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9264):
In `lib/conntrack.c` in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.

CVE-2017-9265 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9265):
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
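Added example, not part of the original report and not Open vSwitch code: a minimal C sketch of the bug class described for CVE-2016-10377, an unsigned length underflow while parsing an IPv4 header, next to a validated form. It assumes the underflow comes from subtracting the header length from a smaller total-length field (the report does not show the code); the function names and sample packets are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP_MIN_HDR 20u

/* Constructed sample IPv4 headers (unlisted bytes are zero). */
const uint8_t GOOD_PKT[28] = { 0x45, 0x00, 0x00, 0x1c }; /* IHL 5, tot_len 28 */
const uint8_t BAD_PKT[20]  = { 0x45, 0x00, 0x00, 0x04 }; /* tot_len 4 < header 20 */

/* Read the header length (bytes) and total length (host order). */
static void ipv4_lengths(const uint8_t *pkt, size_t *ip_len, size_t *tot_len)
{
    *ip_len = (size_t)(pkt[0] & 0x0f) * 4;      /* IHL counts 32-bit words */
    *tot_len = ((size_t)pkt[2] << 8) | pkt[3];  /* big-endian on the wire */
}

/* Unvalidated pattern: when tot_len < ip_len the unsigned subtraction
 * wraps, so the reported L4 length is far larger than the buffer. */
size_t l4_len_unchecked(const uint8_t *pkt, size_t size)
{
    size_t ip_len, tot_len;
    if (size < IP_MIN_HDR) return 0;
    ipv4_lengths(pkt, &ip_len, &tot_len);
    return tot_len - ip_len;
}

/* Hardened pattern: check each length against the buffer and against
 * the other length before subtracting; reject the packet otherwise. */
bool l4_len_checked(const uint8_t *pkt, size_t size, size_t *l4_len)
{
    size_t ip_len, tot_len;
    if (size < IP_MIN_HDR) return false;
    ipv4_lengths(pkt, &ip_len, &tot_len);
    if (ip_len < IP_MIN_HDR || ip_len > size) return false;
    if (tot_len > size || tot_len < ip_len) return false;
    *l4_len = tot_len - ip_len;
    return true;
}

int main(void)
{
    size_t n = 0;
    printf("unchecked: %zu\n", l4_len_unchecked(BAD_PKT, sizeof BAD_PKT));
    printf("checked accepts: %d\n", l4_len_checked(BAD_PKT, sizeof BAD_PKT, &n));
    return 0;
}
```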
I cleaned up as much as I could (neutron needs a 2.6 to remain around), but removed all others. 2.7.2 has all the fixes/patches mentioned here and was fast stabilized (low delta at that). Removing self from CC; feel free to re-add if additional work is needed.
Tree is clean now.