RHEL 8 : openvswitch2.12 (RHSA-2020:0172)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0172 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixe...

RHEL 8 : openvswitch2.11 (RHSA-2020:0171)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0171 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixe...

RHEL 7 : openvswitch2.12 (RHSA-2020:0168)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0168 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixe...

Moderate: Red Hat Security Advisory: openvswitch2.12 security and bug fix update

An update for openvswitch2.12 is now available for Fast Datapath for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Moderate: Red Hat Security Advisory: openvswitch2.11 security and bug fix update

An update for openvswitch2.11 is now available for Fast Datapath for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

RHEL 7 : openvswitch (RHSA-2020:0165)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0165 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixe...

CVE-2014-2304

A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURESREPLY messages cause...

Design/Logic Flaw

A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURESREPLY messages cause...

CVE-2013-7333

A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access to all devices...

CVE-2014-2304

The connected records identify CVE-2014-2304 as affecting Open Floodlight SDN controller version 0.90. The root cause is a flaw in OpenFlow protocol processing where malformed and mistimed FEATURES_REPLY messages cause the controller to fail to delete switch and port data from internal tracking s...

CVE-2014-2304

A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURESREPLY messages cause...

CVE-2013-7333

Open Floodlight SDN controller version 0.90 is affected by CVE-2013-7333. The vulnerability allows an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the controller, leading to degradation and eventual denial of network access for devices co...

CVE-2017-9263

While parsing an OpenFlow role status message Open vSwitch OvS, a call to the abort function for undefined role status reasons in the function 'ofpprintrolestatusmessage' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch...

Moderate: Red Hat Security Advisory: openvswitch security and bug fix update

An update for openvswitch is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

openvswitch: Mishandle of group mods in lib/ofp-util.c:parse_group_prop_ntr_selection_method() allows for assertion failure

An issue was discovered in Open vSwitch OvS, 2.4.x through 2.4.1, 2.5.x through 2.5.5, 2.6.x through 2.6.3, 2.7.x through 2.7.6, 2.8.x through 2.8.4, and2.9.x through 2.9.2, affecting the parsegrouppropntrselectionmethod in lib/ofp-util.c. On controllers with the OpenFlow 1.5 decoder enabled, a...

Moderate: Red Hat Security Advisory: openvswitch security and bug fix update

An update for openvswitch is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 7 : openvswitch (RHSA-2018:3500)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3500 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic...

Moderate: Red Hat Security Advisory: openvswitch security, bug fix, and enhancement update

An update for openvswitch is now available for Fast Datapath for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

openvswitch: Mishandle of group mods in lib/ofp-util.c:parse_group_prop_ntr_selection_method() allows for assertion failure

An issue was discovered in Open vSwitch OvS, 2.4.x through 2.4.1, 2.5.x through 2.5.5, 2.6.x through 2.6.3, 2.7.x through 2.7.6, 2.8.x through 2.8.4, and2.9.x through 2.9.2, affecting the parsegrouppropntrselectionmethod in lib/ofp-util.c. On controllers with the OpenFlow 1.5 decoder enabled, a...

Design/Logic Flaw

An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6, affecting parsegrouppropntrselectionmethod in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and comma...