- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-3450-1
October 11, 2017
openvswitch vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.04
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Open vSwitch.
Software Description:
– openvswitch: Ethernet virtual switch
Details:
Bhargava Shastry discovered that Open vSwitch incorrectly handled certain
OFP messages. A remote attacker could possibly use this issue to cause
Open vSwitch to crash, resulting in a denial of service. (CVE-2017-9214)
It was discovered that Open vSwitch incorrectly handled certain OpenFlow
role messages. A remote attacker could possibly use this issue to cause
Open vSwitch to crash, resulting in a denial of service. (CVE-2017-9263)
It was discovered that Open vSwitch incorrectly handled certain malformed
packets. A remote attacker could possibly use this issue to cause Open
vSwitch to crash, resulting in a denial of service. This issue only
affected Ubuntu 17.04. (CVE-2017-9264)
It was discovered that Open vSwitch incorrectly handled group mod OpenFlow
messages. A remote attacker could possibly use this issue to cause Open
vSwitch to crash, resulting in a denial of service. (CVE-2017-9265)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
openvswitch-common 2.6.1-0ubuntu5.1
Ubuntu 16.04 LTS:
openvswitch-common 2.5.2-0ubuntu0.16.04.2
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3450-1
CVE-2017-9214, CVE-2017-9263, CVE-2017-9264, CVE-2017-9265
Package Information:
https://launchpad.net/ubuntu/+source/openvswitch/2.6.1-0ubuntu5.1
https://launchpad.net/ubuntu/+source/openvswitch/2.5.2-0ubuntu0.16.04.2
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJZ3huVAAoJEGVp2FWnRL6TVHwQAJW1qF0OiF8XFooUtQ42KW1N
JPkAV1koYNsEH5k4Wmmcx8Se5yeLJ3G2HijIBXYijvIq8/nLJ+D2lOV0L95CTVH7
tI05dLETwMO1JmymxGTBJeUCmoyyYMmoJT3TliCRUNxBp9XjWon2QfxOkaVnvsEY
zS6pdYHQFguzvCs48Lq7Sgoug0cEDa9AJRn46Mxr9Nx3eluUhbaq1JM834XHTmyN
DiqYcrnir5C/qKD2QpljXCnduxtwvEWzFHvr+DuhSXWQRhs+5TQjpp3tF+27izsv
dtMnadY2yJG/F/7/fBKSd5k/IGeDsDLRgzGQmzz5yFIY41mbE+pI71OxPMOosRYg
+FSUqireASYMtZb084e1br9n6sEPCzCYrZXBOmuQtSp6uMg9uuMhn0TIvHyjGHvM
0InGwqzi08E4CUVxET/Dd2h1pdBQaViL31xdn4fhQpj++CFX5gTSCADPlXk0CUNC
X/j6ECURxMtM5X4cyHAsLn83FNt3kXz6SuGnoybioIsk5NkLUvSj1ChOyEd5Lw5O
C1Tbjf6uobGd6DPz1rMozI+ihMYddwvolAugGFP4S1U0PifUvQJ7opcbygZ7U9Gz
ON3FEQp8Y9jlDk56T5xBeVnZFM5zB64udAXXl2cLubWdBB5jXSUN9qmDT2gVdu3l
ZgchD78QwrTB49v8EzXq
=cafp
—–END PGP SIGNATURE—–
—
| Autor | Danijel Kozinovic |
| Cert id | NCERT-REF-2017-10-0082-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | http://www.adobe.com/ |
