[Secure-testing-team] Bug#863655: openvswitch: CVE-2017-9263
Salvatore Bonaccorso
carnil at debian.org
Mon May 29 19:44:13 UTC 2017
Source: openvswitch
Version: 2.3.0+git20140819-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for openvswitch.
CVE-2017-9263[0]:
| In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status
| message, there is a call to the abort() function for undefined role
| status reasons in the function `ofp_print_role_status_message` in
| `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a
| malicious switch.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9263
[1] https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html
Regards,
Salvatore
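
Added example (not part of the original report and not Open vSwitch source): a simplified C model of the pattern the CVE text describes, where a reason byte supplied by the peer reaches abort(), beside a form that prints unknown values instead. The function names, output labels and sample bytes are constructed; the 16-byte body layout and reason codes 0 to 2 are assumed from the OpenFlow 1.4 role status message.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Reason codes assumed from the OpenFlow 1.4 role status message. */
enum { OFPCRR_MASTER_REQUEST = 0, OFPCRR_CONFIG = 1, OFPCRR_EXPERIMENTER = 2 };

/* Assumed body layout: role(4) reason(1) pad(3) generation_id(8). */
#define ROLE_STATUS_BODY_LEN 16

/* Hardened lookup: returns NULL for a reason code we do not know. */
const char *reason_name_safe(uint8_t reason)
{
    switch (reason) {
    case OFPCRR_MASTER_REQUEST: return "master_request";
    case OFPCRR_CONFIG:         return "configuration_changed";
    case OFPCRR_EXPERIMENTER:   return "experimenter_data_changed";
    default:                    return NULL;
    }
}

/* Pattern from the CVE description: an undefined value sent by the
 * peer terminates the whole process. Shown for contrast only. */
const char *reason_name_unsafe(uint8_t reason)
{
    const char *name = reason_name_safe(reason);
    if (!name) abort();
    return name;
}

/* Formats a role status body. Returns 0 on success, -1 if truncated.
 * An undefined reason is printed numerically, never treated as fatal. */
int print_role_status(const uint8_t *body, size_t len, char *out, size_t outlen)
{
    if (len < ROLE_STATUS_BODY_LEN) return -1;
    uint32_t role = (uint32_t)body[0] << 24 | (uint32_t)body[1] << 16
                  | (uint32_t)body[2] << 8 | body[3];
    const char *name = reason_name_safe(body[4]);
    if (name) snprintf(out, outlen, "role=%u reason=%s", (unsigned)role, name);
    else snprintf(out, outlen, "role=%u reason=(unknown %u)",
                  (unsigned)role, (unsigned)body[4]);
    return 0;
}

int main(void)
{
    uint8_t bad[ROLE_STATUS_BODY_LEN] = {0, 0, 0, 2, 0xff}; /* constructed */
    char out[64];
    if (print_role_status(bad, sizeof bad, out, sizeof out) == 0) puts(out);
    return 0;
}
```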