[ovs-dev] Bug#863655: openvswitch: CVE-2017-9263

Salvatore Bonaccorso carnil at debian.org
Mon May 29 19:44:13 UTC 2017


Source: openvswitch
Version: 2.3.0+git20140819-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for openvswitch.

CVE-2017-9263[0]:
| In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status
| message, there is a call to the abort() function for undefined role
| status reasons in the function `ofp_print_role_status_message` in
| `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a
| malicious switch.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9263
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9263
[1] https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html

Regards,
Salvatore
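
Added example, not part of the original message and not Open vSwitch's own code: a C sketch of the failure mode in the CVE description, where a reason byte taken from a peer's message reaches `abort()`, next to a form that reports undefined values instead. The enum names, output strings, function names and the 16-byte body layout are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the role status reason codes (not OVS identifiers). */
enum role_reason { REASON_MASTER_REQUEST, REASON_CONFIG, REASON_EXPERIMENTER };

/* Pattern from the CVE text: an undefined reason reaches abort(). */
const char *reason_name_aborting(uint8_t reason)
{
    switch (reason) {
    case REASON_MASTER_REQUEST: return "master_request";
    case REASON_CONFIG:         return "configuration_changed";
    case REASON_EXPERIMENTER:   return "experimenter_data_changed";
    default:                    abort(); /* peer-supplied byte ends the process */
    }
}

/* Hardened form: an undefined reason is data to report, not a broken invariant. */
const char *reason_name_safe(uint8_t reason)
{
    switch (reason) {
    case REASON_MASTER_REQUEST: return "master_request";
    case REASON_CONFIG:         return "configuration_changed";
    case REASON_EXPERIMENTER:   return "experimenter_data_changed";
    default:                    return "(unknown)";
    }
}

/* Assumed layout for this sketch: 4-byte big-endian role, 1-byte reason,
 * 3 pad bytes, 8-byte generation id (16 bytes total).
 * Returns 0 on success, -1 if the body is too short to parse. */
int format_role_status(const uint8_t *body, size_t len, char *out, size_t outlen)
{
    if (len < 16) {
        return -1;
    }
    uint32_t role = (uint32_t)body[0] << 24 | (uint32_t)body[1] << 16
                  | (uint32_t)body[2] << 8 | body[3];
    snprintf(out, outlen, "role=%u reason=%s", (unsigned)role,
             reason_name_safe(body[4]));
    return 0;
}

int main(void)
{
    const uint8_t body[16] = { 0, 0, 0, 2, 0xff }; /* constructed: undefined reason */
    char line[64];
    if (format_role_status(body, sizeof body, line, sizeof line) == 0) {
        puts(line);
    }
    return 0;
}
```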

