Bug 1632522 (CVE-2018-17204)
Summary: | CVE-2018-17204 openvswitch: Mishandle of group mods in lib/ofp-util.c:parse_group_prop_ntr_selection_method() allows for assertion failure | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | aconole, ahardin, apevec, atragler, bleanhar, bmcclain, ccoleman, chrisw, ctrautma, dbecker, dblechte, dedgar, dfediuck, eedri, eparis, fleitner, jgoulding, jhsiao, jjoyce, jokerman, jschluet, kbasil, kfida, lhh, lpeer, markmc, mburns, mchappel, mgoldboi, michal.skrivanek, ovs-team, ralongi, rbryant, rhos-maint, rkhan, sbonazzo, sclewis, sherold, slinaber, srevivo, tdecacqu, tgraf, tredaelli, yturgema |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
An issue was discovered in Open vSwitch (OvS), 2.4.x through 2.4.1, 2.5.x through 2.5.5, 2.6.x through 2.6.3, 2.7.x through 2.7.6, 2.8.x through 2.8.4, and2.9.x through 2.9.2, affecting the parse_group_prop_ntr_selection_method in lib/ofp-util.c. On controllers with the OpenFlow 1.5 decoder enabled, a specially crafted group update can cause an assertion failure, potentially leading to a Denial of Service condition.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-10 10:38:34 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1632523, 1633063, 1633064, 1633065, 1633066, 1633067, 1633068, 1633070, 1633072, 1633147, 1650038, 1651419, 1651420, 1683550 | ||
Bug Blocks: | 1632524 |
Description
Sam Fowler
2018-09-25 01:40:57 UTC
Created openvswitch tracking bugs for this issue: Affects: openstack-rdo [bug 1632523] Slightly adjusted scoring given the need for privileged access to OVS in order to access the interfaces required. RHOSP14 (OVS 2.6.1): openvswitch: - CVE-2018-17204 (vulnerable code present in parse_group_prop_ntr_selection_method, lib/ofp-util.c, offset) RHOSP13 (OVS 2.6.1) openvswitch: - CVE-2018-17204 (vulnerable code present in parse_group_prop_ntr_selection_method, lib/ofp-util.c, offset) - Commonly uses FDP version (2.9.0) RHOSP12 (OVS 2.7.4) openvswitch: - CVE-2018-17204 (vulnerable code present in parse_group_prop_ntr_selection_method, lib/ofp-util.c, offset) - Commonly uses FDP version (2.9.0) RHOSP10 (OVS 2.6.1) openvswitch: - CVE-2018-17204 (vulnerable code present in parse_group_prop_ntr_selection_method, lib/ofp-util.c, offset) - Commonly uses FDP version (2.9.0) RHOSP9 (OVS not packaged?) openvswitch: - Repo contains 2.5.0 (Installable after running rhos-release 9, seems to inherit from RHOS7 tag) - CVE-2018-17204 (vulnerable code present in parse_group_prop_ntr_selection_method, lib/ofp-util.c, offset) RHOSP8 (OVS not packaged?) openvswitch: - Repo contains 2.5.0 (Installable after running rhos-release 8, seems to inherit from RHOS7 tag) - CVE-2018-17204 (vulnerable code present in parse_group_prop_ntr_selection_method, lib/ofp-util.c, offset) RHOSP7 ELS (Important fixes only, 2.5.0) - CVE-2018-17204 (vulnerable code present in parse_group_prop_ntr_selection_method, lib/ofp-util.c, offset) Fast Data Path RHEL-7 (2.9.0) openvswitch: - CVE-2018-17204 (vulnerable code present in parse_group_prop_ntr_selection_method, lib/ofp-util.c, offset) openvswitch2.10: - CVE-2018-17204 (has been fixed, not vulnerable, code moved to lib/ofp-group.c) This issue has been addressed in the following products: Fast Datapath for RHEL 7 Via RHSA-2018:3500 https://access.redhat.com/errata/RHSA-2018:3500 OpenShift 3.1 to 3.4 included an openvswitch rpm. The node container image (https://access.redhat.com/containers/#/registry.access.redhat.com/openshift3/node) includes the patch for this flaw and as per OpenShift Container Platform Tested Integrations (https://access.redhat.com/articles/2176281) customers are advised to use the updated node container. This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2019:0053 https://access.redhat.com/errata/RHSA-2019:0053 This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Via RHSA-2019:0081 https://access.redhat.com/errata/RHSA-2019:0081 |