782 matches found
PYSEC-2018-94
Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due ...
CVE-2018-14636
Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due ...
CVE-2018-14636
The CVE-2018-14636 issue affects OpenStack Neutron components vulnerable to an eavesdropping risk during live migration. When live-migrated, the Open vSwitch integration bridge can remain connected to the guest being migrated, exposing traffic from all instances sharing the same OVS instance. The...
CVE-2018-14636
Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due ...
CVE-2018-14636
Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due ...
Moderate: Red Hat Security Advisory: openvswitch security and bug fix update
An update for openvswitch is now available for Red Hat OpenStack Platform 12.0 Pike. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Security Bulletin: Security vulnerability in Open vSwitch affects IBM Cloud Manager with OpenStack (CVE-2016-2074)
Summary A security vulenrability has been identified in Open vSwitch that is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-2074 DESCRIPTION: Open vSwitch is vulnerable to a buffer overflow, caused...
Open vSwitch Denial of Service Vulnerability (CNVD-2017-32356)
Open vSwitch OvS is a multi-layer virtual switch product based on open source technology following the Apache 2.0 license that supports large-scale network automation through programmatic extensions, standard management interfaces and protocols, and more. A security vulnerability exists in the...
Fedora 26 : openvswitch (2017-45625fecca)
Add a symlink of the OCF script in the OCF resources folder ---- Updated to Open vSwitch 2.7.3 and DPDK 16.11.3 for CVE-2017-14970 ---- Security fix for CVE-2017-9263, CVE-2017-9265 ---- Updated to Open vSwitch 2.7.1 and DPDK 16.11.2 1468234 Note that Tenable Network Security has extracted the...
[SECURITY] Fedora 27 Update: openvswitch-2.8.1-1.fc27
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic...
[SECURITY] Fedora 26 Update: openvswitch-2.7.3-2.fc26
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic...
Ubuntu 16.04 LTS : Open vSwitch vulnerabilities (USN-3450-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3450-1 advisory. Bhargava Shastry discovered that Open vSwitch incorrectly handled certain OFP messages. A remote attacker could possibly use this issue to cause Open...
USN-3450-1: Open vSwitch vulnerabilities
Bhargava Shastry discovered that Open vSwitch incorrectly handled certain OFP messages. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. CVE-2017-9214 It was discovered that Open vSwitch incorrectly handled certain OpenFlow role...
USN-3450-1 openvswitch vulnerabilities
Bhargava Shastry discovered that Open vSwitch incorrectly handled certain OFP messages. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. CVE-2017-9214 It was discovered that Open vSwitch incorrectly handled certain OpenFlow role...
CVE-2017-14970
In lib/ofp-util.c in Open vSwitch OvS before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more...
CVE-2017-14970
In lib/ofp-util.c in Open vSwitch OvS before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more...
DEBIAN-CVE-2017-14970
In lib/ofp-util.c in Open vSwitch OvS before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more...
UBUNTU-CVE-2017-14970
In lib/ofp-util.c in Open vSwitch OvS before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more...
Design/Logic Flaw
In lib/ofp-util.c in Open vSwitch OvS before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more...
CVE-2017-14970
In lib/ofp-util.c in Open vSwitch OvS before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more...