Photon OS 1.0: Openvswitch PHSA-2017-0044

An update of the openvswitch package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0044. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 1.0: Openvswitch PHSA-2017-0020

An update of the openvswitch package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0020. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Ubuntu: Security Advisory (USN-3873-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: openvswitch security and bug fix update

An update for openvswitch is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: Red Hat Security Advisory: openvswitch security and bug fix update

An update for openvswitch is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Denial Of Service (DoS)

openvswitch is vulnerable to denial of service. An assertion failure in the parsegrouppropntrselectionmethod function in lib/ofp-util.c allows for an attacker to cause a denial of service condition in the application. This is due to an invalid group type during decoding of a group mod when the...

Arbitrary Code Execution

openvswitch is vulnerable to arbitrary code execution. A buffer overflow flaw was discovered in the OVS processing of MPLS labels. A remote attacker able to deliver a frame containing a malicious MPLS label that would be processed by OVS could trigger the flaw and use the resulting memory...

Authorization Bypass

openstack-neutron is vulnerable to authorization bypass. An authenticated user is able to bypass security group restrictions with an invalid CIDR to add a security group rule which would cause the openvswitch-agent process to fail and prevent further rules from being applied...

openvswitch/ofctl_parse_target: Heap-buffer-overflow in encode_LEARN

Project: https://github.com/openvswitch/ovs.git Detailed report: https://oss-fuzz.com/testcase?key=5651435740463104 Project: openvswitch Fuzzer: libFuzzeropenvswitchofctlparsetarget Fuzz target binary: ofctlparsetarget Job Type: libfuzzerasanopenvswitch Platform Id: linux Crash Type:...

openvswitch/odp_target: Heap-buffer-overflow in format_generic_odp_key

Project: https://github.com/openvswitch/ovs.git Detailed report: https://oss-fuzz.com/testcase?key=5691937953153024 Project: openvswitch Fuzzer: libFuzzerodptarget Fuzz target binary: odptarget Job Type: libfuzzerasanopenvswitch Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash...

openSUSE: Security Advisory for openvswitch (openSUSE-SU-2018:4148-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for openvswitch (openSUSE-SU-2018:4148-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openvswitch/ofctl_parse_target: Use-of-uninitialized-value in learn_check

Project: https://github.com/openvswitch/ovs.git Detailed report: https://oss-fuzz.com/testcase?key=5744553198354432 Project: openvswitch Fuzzer: libFuzzeropenvswitchofctlparsetarget Fuzz target binary: ofctlparsetarget Job Type: libfuzzermsanopenvswitch Platform Id: linux Crash Type:...

openSUSE Security Update : openvswitch (openSUSE-2018-1562)

This update for openvswitch to version 2.7.6 fixes the following issues : These security issues were fixed : - CVE-2018-17205: Prevent OVS crash when reverting old flows in bundle commit bsc1104467. - CVE-2018-17206: Avoid buffer overread in BUNDLE action decoding bsc1104467. - CVE-2018-17204:Whe...

SUSE SLES12 Security Update : openvswitch (SUSE-SU-2018:4128-1)

This update for openvswitch to version 2.7.6 fixes the following issues : These security issues were fixed : CVE-2018-17205: Prevent OVS crash when reverting old flows in bundle commit bsc1104467. CVE-2018-17206: Avoid buffer overread in BUNDLE action decoding bsc1104467. CVE-2018-17204: When...

Security update for openvswitch (moderate)

This update for openvswitch to version 2.7.6 fixes the following issues: These security issues were fixed: - CVE-2018-17205: Prevent OVS crash when reverting old flows in bundle commit bsc1104467. - CVE-2018-17206: Avoid buffer overread in BUNDLE action decoding bsc1104467. - CVE-2018-17204:When...

openvswitch/ofctl_parse_target: Crash in mf_check__

Project: https://github.com/openvswitch/ovs.git Detailed report: https://oss-fuzz.com/testcase?key=5630494973100032 Project: openvswitch Fuzzer: libFuzzeropenvswitchofctlparsetarget Fuzz target binary: ofctlparsetarget Job Type: libfuzzermsanopenvswitch Platform Id: linux Crash Type: UNKNOWN READ...

openvswitch/ofctl_parse_target: Heap-buffer-overflow in learn_check

Project: https://github.com/openvswitch/ovs.git Detailed report: https://oss-fuzz.com/testcase?key=5640179956580352 Project: openvswitch Fuzzer: libFuzzeropenvswitchofctlparsetarget Fuzz target binary: ofctlparsetarget Job Type: libfuzzerasanopenvswitch Platform Id: linux Crash Type:...

SUSE-SU-2018:4128-1 Security update for openvswitch

This update for openvswitch to version 2.7.6 fixes the following issues: These security issues were fixed: - CVE-2018-17205: Prevent OVS crash when reverting old flows in bundle commit bsc1104467. - CVE-2018-17206: Avoid buffer overread in BUNDLE action decoding bsc1104467. - CVE-2018-17204:When...

RHEL 7 : openvswitch (RHSA-2016:0615)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0615 advisory. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud...