Security update for openvswitch
This update for openvswitch fixes the following issues:
- CVE-2017-9263: OpenFlow role status message can cause a call to abort() leading to application crash (bsc#1041470)
- CVE-2017-9265: Buffer over-read while parsing message could lead to crash or maybe arbitrary code execution (bsc#1041447)
- Do not restart the ovs-vswitchd and ovsdb-server services
on package updates (bsc#1002734)
- Do not restart the ovs-vswitchd, ovsdb-server and openvswitch
services on package removals. This facilitates potential future
package moves but also preserves connectivity when the package is
removed (bsc#1050896)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
-
Submitted by
Markos Chandras (markoschandras)
Fixed bugs
bnc#1041470
VUL-0: CVE-2017-9263: openvswitch: OpenFlow role status message can cause a call to abort()
bnc#1041447
VUL-0: CVE-2017-9265: openvswitch: Buffer over-read while parsing the group mod OpenFlow message sent from the controller
bnc#1002734
After controller upgrade, openvswitch has an empty flow table
bnc#1050896
openvswitch: package update from < Leap 42.3 incorrectly stops the openvswitch systemd service
