Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0274 openvswitch security update 25 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: openvswitch Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-27827 CVE-2015-8011 Reference: ESB-2021.0169 ESB-2021.0066 ESB-2020.4516 ESB-2020.4460 Original Bulletin: http://www.debian.org/security/2021/dsa-4836 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4836-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 22, 2021 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : openvswitch CVE ID : CVE-2015-8011 CVE-2020-27827 Debian Bug : 980132 Two vulnerabilities were discovered in the LLPD implementation of Open vSwitch, a software-based Ethernet virtual switch, which could result in denial of service. For the stable distribution (buster), these problems have been fixed in version 2.10.6+ds1-0+deb10u1. We recommend that you upgrade your openvswitch packages. For the detailed security status of openvswitch please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openvswitch Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmALHj0ACgkQEMKTtsN8 TjaYHw/6Atkb8+AS+g8R3FpNe0L+Eqie3RzZ1ZOhbJTvkBzeKdusw4dNk7DfsbJt uy/b2hHvooR+MQVpxeDXD/Azpf+k7b1m3LZ7P/fKKsXDmuMX6jge8rai8DZyJdfI IRYjU+yqd6z9ytKRg8bPcXgG/1hmdMznunBdpdLKQnmtH2EsVrflAaqAkABqVjO6 X0NHzUsRrI0yXWLDI3pqD7bc8Oq/TFtHi6BCBVxk3VPegBC3CzAelPfHu5KJeSKC lOyrmc+ut/HbXJexRFzkrrNQsYB2M7/ZgJLv0XQmYaP7vnpu09xaaqYBreCIp8Q9 DZmCy9pLVzop0WNJzdLnRbwhBB2eBZF6qyax6ldvifcN/QAnLLC4Zzg1eNdktrPE Dq9rJ/6U56DycmqKrlyKvlpTHM0IJ4+4TI5yM4OL2/wDkT/Mfjr7lwQbo/Xafy/X +vviNQGFd2z/8aIdkc0auPhGle/VME+mlBBLCNU47HrfaWTIR94PFjKfmTL/9dzM VRz6TfS5yG9kCi9H1xB/94q50no186IVUh5+Jr7SnfCr0sSm5ahNIIEtg5lmvqHd pUDZD7tO0uvcMUIV06xXSealz1ECKzwB0ZaJYfngOZ/KnBr7opZsDXm0wRVZdSBN DFZQX3XNSM1Gi0xHlV6uYQgi2HRuPk5QdW2TqmEN7XUNeQ9xdpI= =BZCg - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYA4BEuNLKJtyKPYoAQjHvhAAiPTauJaE7v9h8bi5akLXcGT7zZlxm6vZ JpLrthup51UzNZifPBx+OwdKJ1m9Qdi3EjrCPQyZ6pp3VeyO5AwbyFuBviBciYIa RrYK0opupUyexboCGY+4xZjkh5q8PhJ8d+N/XETul1hkmRX1yzCsAn/+doV0o5SW 2+DiPrLfqF+MLpXQNcYe5Z2RYYNpFaMjzm16OGGn5cuzhZILEGYKRIr77Hbnc2lW elo9ysD+OJgRqtA4dPQLupOSi1XYcxPWoJoZ7i/h8GfypAhhL5CxIqyceCtUeelP 58aXEc1Dx3cnDet6vkhtwEpnlO29DBO3xCnuE1+/IyUUfH4g2LgD4qTMTZol+AIr OHC3S3+Bokude8uLkBLiPpqMcwVBwR22cI2dO4eN0AfYjzGYhFj2D7SdKkwC+2oa TfdD54ww00P3xs13NoO2eFWemif0rWMbttw7RiW4DiMl04jPoRYN9y9x9PLkqHl0 PTxnMoCbf/K+qw231UpPawBcLGkbOLIhpID8Ie8ihUUE+P1D5bxNcufWEOHhj55w S399MhHuJRiIyDRq856dl0tSOKmz8x2t4JZWDGvl2VsXtoEQ/7zui8lwJSF33grZ 2calR4AxYqLyPCcTMIE6CJctDAo1igKPSy8Lmc/VRxY0HhFrI5gHe/68pAOzMOF8 9m5dGNyidW0= =bqQF -----END PGP SIGNATURE-----