Lucene search

K
suseSuseSUSE-SU-2017:2212-1
HistoryAug 18, 2017 - 3:12 p.m.

Security update for openvswitch (important)

2017-08-1815:12:06
lists.opensuse.org
62
openvswitch
security update
cve-2017-9263
cve-2017-9265
buffer over-read
application crash
ovs-vswitchd
ovsdb-server
openvswitch
connectivity maintenance

EPSS

0.018

Percentile

88.4%

This update for openvswitch fixes the following issues:

  • CVE-2017-9263: OpenFlow role status message can cause a call to abort()
    leading to application crash (bsc#1041470)

  • CVE-2017-9265: Buffer over-read while parsing message could lead to
    crash or maybe arbitrary code execution (bsc#1041447)

  • Do not restart the ovs-vswitchd and ovsdb-server services
    on package updates (bsc#1002734)

  • Do not restart the ovs-vswitchd, ovsdb-server and openvswitch services
    on package removals. This facilitates potential future package moves but
    also preserves connectivity when the package is removed (bsc#1050896)