ESB-2018.3882 - [SUSE] openvswitch: Multiple vulnerabilities 2018-12-17

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3882
                      Security update for openvswitch
                             17 December 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openvswitch
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Access Privileged Data -- Existing Account
                   Denial of Service      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-17206 CVE-2018-17205 CVE-2018-17204

Reference:         ESB-2018.3464

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2018/suse-su-20184128-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for openvswitch
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:4128-1
Rating:             moderate
References:         #1104467 
Cross-References:   CVE-2018-17204 CVE-2018-17205 CVE-2018-17206
                   
Affected Products:
                    SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for openvswitch to version 2.7.6 fixes the following issues:

   These security issues were fixed:

   - CVE-2018-17205: Prevent OVS crash when reverting old flows in bundle
     commit (bsc#1104467).
   - CVE-2018-17206: Avoid buffer overread in BUNDLE action decoding
     (bsc#1104467).
   - CVE-2018-17204:When decoding a group mod, it validated the group type
     and command after the whole group mod has been decoded. The OF1.5
     decoder, however, tried to use the type and command earlier, when it
     might still be invalid. This caused an assertion failure (via
     OVS_NOT_REACHED) (bsc#1104467).

   These non-security issues were fixed:

   - ofproto/bond: Fix bond reconfiguration race condition.
   - ofproto/bond: Fix bond post recirc rule leak.
   - ofproto/bond: fix interal flow leak of tcp-balance bond
   - systemd: Restart openvswitch service if a daemon crashes
   - conntrack: Fix checks for TCP, UDP, and IPv6 header sizes.
   - ofp-actions: Fix translation of set_field for nw_ecn
   - netdev-dpdk: Fix mempool segfault.
   - ofproto-dpif-upcall: Fix flow setup/delete race.
   - learn: Fix memory leak in learn_parse_sepc()
   - netdev-dpdk: fix mempool_configure error state
   - vswitchd: Add --cleanup option to the 'appctl exit' command
   - ofp-parse: Fix memory leak on error path in parse_ofp_group_mod_file().
   - actions: Fix memory leak on error path in parse_ct_lb_action().
   - dpif-netdev: Fix use-after-free error in reconfigure_datapath().
   - bridge: Fix memory leak in bridge_aa_update_trunks().
   - dpif-netlink: Fix multiple-free and fd leak on error path.
   - ofp-print: Avoid array overread in print_table_instruction_features().
   - flow: Fix buffer overread in flow_hash_symmetric_l3l4().
   - systemd: start vswitchd after udev
   - ofp-util: Check length of buckets in ofputil_pull_ofp15_group_mod().
   - ovsdb-types: Fix memory leak on error path.
   - tnl-ports: Fix loss of tunneling upon removal of a single tunnel port.
   - netdev: check for NULL fields in netdev_get_addrs
   - netdev-dpdk: vhost get stats fix.
   - netdev-dpdk: use 64-bit arithmetic when converting rates.
   - ofp-util: Fix buffer overread in ofputil_decode_bundle_add().
   - ofp-util: Fix memory leaks on error cases in ofputil_decode_group_mod().
   - ofp-util: Fix memory leaks when parsing OF1.5 group properties.
   - ofp-actions: Fix buffer overread in decode_LEARN_specs().
   - flow: Fix buffer overread for crafted IPv6 packets.
   - ofp-actions: Properly interpret "output:in_port".
   - ovs-ofctl: Avoid read overrun in ofperr_decode_msg().
   - odp-util: Avoid misaligned references to ip6_hdr.
   - ofproto-dpif-upcall: Fix action attr iteration.
   - ofproto-dpif-upcall: Fix key attr iteration.
   - netdev-dpdk: vhost get stats fix.
   - netdev-dpdk: use 64-bit arithmetic when converting rates.
   - ofp-util: Fix buffer overread in ofputil_decode_bundle_add().
   - ofp-util: Fix memory leaks on error cases in ofputil_decode_group_mod().
   - ofp-util: Fix memory leaks when parsing OF1.5 group properties.
   - odp-util: Fix buffer overread in parsing string form of ODP flows.
   - ovs-vsctl: Fix segfault when attempting to del-port from parent bridge.


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2942=1



Package List:

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      openvswitch-2.7.6-3.23.1
      openvswitch-debuginfo-2.7.6-3.23.1
      openvswitch-debugsource-2.7.6-3.23.1


References:

   https://www.suse.com/security/cve/CVE-2018-17204.html
   https://www.suse.com/security/cve/CVE-2018-17205.html
   https://www.suse.com/security/cve/CVE-2018-17206.html
   https://bugzilla.suse.com/1104467

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXBcMk2aOgq3Tt24GAQh/vRAAyKQ+EuVDh2tWUm48xGbPH5ikz4smhfLO
yjhh1xwFuqxHFHxcqrhs6Tq/SKvDtAZag4Tvg8397RXelxRqg2TVKTsFin6lMgTF
9o3B9O+QoASNEGf+RRoBVzw8mg6zSHycqfzD40LKeQ3E61Oh1ikEjRjZYyiQbCz0
xzaZ09zofkhgf/5L5LSGHzdseoVblYFzTm7Br3J9h/8xO6i7E/PhM8O7Cd8rPfGq
4kMQpIsb9k3T472MDgtKSbuPzoueCpWL1OinOn23l5ckpm3NETAlpZC0be0y2Hgm
dq5otLXVCAsZOq5L1X8gDXJfsBGgWxYTJnIdLGbzU5kgsAyGat7+hGdZkFhfjm1S
37nTMiS0w2Pzhhg/C6Y9BW3uIGwOA/RtPuMzc2p0pvXKpaqTs/cEeBUCGVYqcIux
qfDF9TEzqfJTZtVd0coKdnio22S7RyT2/CyfK74HtsJzBo+oRmiUcErYARQ4NlPW
jusfMDh0fCkVMQS9a+WYHYoTUK6lJFD3HwcWiqf4lRqhux+qer82f16SvE6kn9n9
JvO12FGlaJqtLdxP0ooc4oG8PMF8sM0GgGvYsnZkETMjlFI7WyeuLiUByhaxYoPB
40aEkR/ciw5Ua86upxyJlMRiTzgL7ppoh7OPQxC0Gk07p/jseo0ZYFJN6VS1H0E3
LLnWvo5L2YI=
=y/bz
-----END PGP SIGNATURE-----

« Back to bulletins