You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa openvswitch

Sigurnosni nedostaci programskog paketa openvswitch

by ncert - 0

==========================================================================
Ubuntu Security Notice USN-3450-1
October 11, 2017

openvswitch vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.04
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Open vSwitch.

Software Description:
– openvswitch: Ethernet virtual switch

Details:

Bhargava Shastry discovered that Open vSwitch incorrectly handled certain
OFP messages. A remote attacker could possibly use this issue to cause
Open vSwitch to crash, resulting in a denial of service. (CVE-2017-9214)

It was discovered that Open vSwitch incorrectly handled certain OpenFlow
role messages. A remote attacker could possibly use this issue to cause
Open vSwitch to crash, resulting in a denial of service. (CVE-2017-9263)

It was discovered that Open vSwitch incorrectly handled certain malformed
packets. A remote attacker could possibly use this issue to cause Open
vSwitch to crash, resulting in a denial of service. This issue only
affected Ubuntu 17.04. (CVE-2017-9264)

It was discovered that Open vSwitch incorrectly handled group mod OpenFlow
messages. A remote attacker could possibly use this issue to cause Open
vSwitch to crash, resulting in a denial of service. (CVE-2017-9265)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
openvswitch-common 2.6.1-0ubuntu5.1

Ubuntu 16.04 LTS:
openvswitch-common 2.5.2-0ubuntu0.16.04.2

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3450-1
CVE-2017-9214, CVE-2017-9263, CVE-2017-9264, CVE-2017-9265

Package Information:
https://launchpad.net/ubuntu/+source/openvswitch/2.6.1-0ubuntu5.1
https://launchpad.net/ubuntu/+source/openvswitch/2.5.2-0ubuntu0.16.04.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJZ3huVAAoJEGVp2FWnRL6TVHwQAJW1qF0OiF8XFooUtQ42KW1N
JPkAV1koYNsEH5k4Wmmcx8Se5yeLJ3G2HijIBXYijvIq8/nLJ+D2lOV0L95CTVH7
tI05dLETwMO1JmymxGTBJeUCmoyyYMmoJT3TliCRUNxBp9XjWon2QfxOkaVnvsEY
zS6pdYHQFguzvCs48Lq7Sgoug0cEDa9AJRn46Mxr9Nx3eluUhbaq1JM834XHTmyN
DiqYcrnir5C/qKD2QpljXCnduxtwvEWzFHvr+DuhSXWQRhs+5TQjpp3tF+27izsv
dtMnadY2yJG/F/7/fBKSd5k/IGeDsDLRgzGQmzz5yFIY41mbE+pI71OxPMOosRYg
+FSUqireASYMtZb084e1br9n6sEPCzCYrZXBOmuQtSp6uMg9uuMhn0TIvHyjGHvM
0InGwqzi08E4CUVxET/Dd2h1pdBQaViL31xdn4fhQpj++CFX5gTSCADPlXk0CUNC
X/j6ECURxMtM5X4cyHAsLn83FNt3kXz6SuGnoybioIsk5NkLUvSj1ChOyEd5Lw5O
C1Tbjf6uobGd6DPz1rMozI+ihMYddwvolAugGFP4S1U0PifUvQJ7opcbygZ7U9Gz
ON3FEQp8Y9jlDk56T5xBeVnZFM5zB64udAXXl2cLubWdBB5jXSUN9qmDT2gVdu3l
ZgchD78QwrTB49v8EzXq
=cafp
—–END PGP SIGNATURE—–

ncert
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa wordpress

Otkriveni su sigurnosni nedostaci u programskom paketu wordpress za Debian. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju zaobilaženje sigurnosnih ograničenja, umetanje...

Close