Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.3882 Security update for openvswitch 17 December 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: openvswitch Publisher: SUSE Operating System: SUSE Impact/Access: Access Privileged Data -- Existing Account Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2018-17206 CVE-2018-17205 CVE-2018-17204 Reference: ESB-2018.3464 Original Bulletin: https://www.suse.com/support/update/announcement/2018/suse-su-20184128-1/ - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4128-1 Rating: moderate References: #1104467 Cross-References: CVE-2018-17204 CVE-2018-17205 CVE-2018-17206 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for openvswitch to version 2.7.6 fixes the following issues: These security issues were fixed: - CVE-2018-17205: Prevent OVS crash when reverting old flows in bundle commit (bsc#1104467). - CVE-2018-17206: Avoid buffer overread in BUNDLE action decoding (bsc#1104467). - CVE-2018-17204:When decoding a group mod, it validated the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tried to use the type and command earlier, when it might still be invalid. This caused an assertion failure (via OVS_NOT_REACHED) (bsc#1104467). These non-security issues were fixed: - ofproto/bond: Fix bond reconfiguration race condition. - ofproto/bond: Fix bond post recirc rule leak. - ofproto/bond: fix interal flow leak of tcp-balance bond - systemd: Restart openvswitch service if a daemon crashes - conntrack: Fix checks for TCP, UDP, and IPv6 header sizes. - ofp-actions: Fix translation of set_field for nw_ecn - netdev-dpdk: Fix mempool segfault. - ofproto-dpif-upcall: Fix flow setup/delete race. - learn: Fix memory leak in learn_parse_sepc() - netdev-dpdk: fix mempool_configure error state - vswitchd: Add --cleanup option to the 'appctl exit' command - ofp-parse: Fix memory leak on error path in parse_ofp_group_mod_file(). - actions: Fix memory leak on error path in parse_ct_lb_action(). - dpif-netdev: Fix use-after-free error in reconfigure_datapath(). - bridge: Fix memory leak in bridge_aa_update_trunks(). - dpif-netlink: Fix multiple-free and fd leak on error path. - ofp-print: Avoid array overread in print_table_instruction_features(). - flow: Fix buffer overread in flow_hash_symmetric_l3l4(). - systemd: start vswitchd after udev - ofp-util: Check length of buckets in ofputil_pull_ofp15_group_mod(). - ovsdb-types: Fix memory leak on error path. - tnl-ports: Fix loss of tunneling upon removal of a single tunnel port. - netdev: check for NULL fields in netdev_get_addrs - netdev-dpdk: vhost get stats fix. - netdev-dpdk: use 64-bit arithmetic when converting rates. - ofp-util: Fix buffer overread in ofputil_decode_bundle_add(). - ofp-util: Fix memory leaks on error cases in ofputil_decode_group_mod(). - ofp-util: Fix memory leaks when parsing OF1.5 group properties. - ofp-actions: Fix buffer overread in decode_LEARN_specs(). - flow: Fix buffer overread for crafted IPv6 packets. - ofp-actions: Properly interpret "output:in_port". - ovs-ofctl: Avoid read overrun in ofperr_decode_msg(). - odp-util: Avoid misaligned references to ip6_hdr. - ofproto-dpif-upcall: Fix action attr iteration. - ofproto-dpif-upcall: Fix key attr iteration. - netdev-dpdk: vhost get stats fix. - netdev-dpdk: use 64-bit arithmetic when converting rates. - ofp-util: Fix buffer overread in ofputil_decode_bundle_add(). - ofp-util: Fix memory leaks on error cases in ofputil_decode_group_mod(). - ofp-util: Fix memory leaks when parsing OF1.5 group properties. - odp-util: Fix buffer overread in parsing string form of ODP flows. - ovs-vsctl: Fix segfault when attempting to del-port from parent bridge. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2942=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): openvswitch-2.7.6-3.23.1 openvswitch-debuginfo-2.7.6-3.23.1 openvswitch-debugsource-2.7.6-3.23.1 References: https://www.suse.com/security/cve/CVE-2018-17204.html https://www.suse.com/security/cve/CVE-2018-17205.html https://www.suse.com/security/cve/CVE-2018-17206.html https://bugzilla.suse.com/1104467 _______________________________________________ sle-security-updates mailing list sle-security-updates@lists.suse.com http://lists.suse.com/mailman/listinfo/sle-security-updates - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXBcMk2aOgq3Tt24GAQh/vRAAyKQ+EuVDh2tWUm48xGbPH5ikz4smhfLO yjhh1xwFuqxHFHxcqrhs6Tq/SKvDtAZag4Tvg8397RXelxRqg2TVKTsFin6lMgTF 9o3B9O+QoASNEGf+RRoBVzw8mg6zSHycqfzD40LKeQ3E61Oh1ikEjRjZYyiQbCz0 xzaZ09zofkhgf/5L5LSGHzdseoVblYFzTm7Br3J9h/8xO6i7E/PhM8O7Cd8rPfGq 4kMQpIsb9k3T472MDgtKSbuPzoueCpWL1OinOn23l5ckpm3NETAlpZC0be0y2Hgm dq5otLXVCAsZOq5L1X8gDXJfsBGgWxYTJnIdLGbzU5kgsAyGat7+hGdZkFhfjm1S 37nTMiS0w2Pzhhg/C6Y9BW3uIGwOA/RtPuMzc2p0pvXKpaqTs/cEeBUCGVYqcIux qfDF9TEzqfJTZtVd0coKdnio22S7RyT2/CyfK74HtsJzBo+oRmiUcErYARQ4NlPW jusfMDh0fCkVMQS9a+WYHYoTUK6lJFD3HwcWiqf4lRqhux+qer82f16SvE6kn9n9 JvO12FGlaJqtLdxP0ooc4oG8PMF8sM0GgGvYsnZkETMjlFI7WyeuLiUByhaxYoPB 40aEkR/ciw5Ua86upxyJlMRiTzgL7ppoh7OPQxC0Gk07p/jseo0ZYFJN6VS1H0E3 LLnWvo5L2YI= =y/bz -----END PGP SIGNATURE-----