Source: openvswitch Version: 2.6.2~pre+git20161223-3 Severity: normal Tags: upstream patch security
Hi, the following vulnerability was published for openvswitch. CVE-2017-9265[0]: | In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing | the group mod OpenFlow message sent from the controller in | `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. this should be only in the OpenFlow 1.5+ support, not sure the message mentions this is not enabled by default. Affected source it as least there. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-9265 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9265 [1] https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html Regards, Salvatore _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev