Ubuntu
openvswitch package

  1. Xenial (16.04)
  2. Bug #1723480
  3. Comment #40

Comment 40 for bug 1723480

Revision history for this message
James Page (james-page) wrote :

This bug was fixed in the package openvswitch - 2.6.1-0ubuntu0.16.10.2~cloud0
---------------

 openvswitch (2.6.1-0ubuntu0.16.10.2~cloud0) xenial; urgency=medium
 .
   * SECURITY UPDATE: DoS while parsing OFPT_QUEUE_GET_CONFIG_REPLY message
     - debian/patches/CVE-2017-9214.patch: properly check length in
       lib/ofp-util.c.
     - CVE-2017-9214
   * SECURITY UPDATE: DoS while parsing OpenFlow role status message
     - debian/patches/CVE-2017-9263.patch: don't abort on unknown reason in
       lib/ofp-print.c.
     - CVE-2017-9263
   * SECURITY UPDATE: DoS in firewall implementation
     - debian/patches/CVE-2017-9264.patch: fix checks for header sizes in
       lib/conntrack.c.
     - CVE-2017-9264
   * SECURITY UPDATE: DoS while parsing group mod OpenFlow message
     - debian/patches/CVE-2017-9265.patch: check length in lib/ofp-util.c.
     - CVE-2017-9265
   * d/openvswitch-switch.postinst: Do not modify
     /etc/default/openvswitch-switch as this file is now managed
     as a configuration file by dpkg (LP: #1723480).