severity 863661 normal
thanks

On Mon, May 29, 2017 at 10:14:49PM +0200, Salvatore Bonaccorso wrote:
> Source: openvswitch
> Version: 2.6.2~pre+git20161223-3
> Severity: important
> Tags: patch upstream security
> 
> Hi,
> 
> the following vulnerability was published for openvswitch.
> 
> CVE-2017-9264[0]:
> | In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS)
> | 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP,
> | and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`,
> | and `extract_l4_udp` that can be triggered remotely.
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

This only affects the userspace datapath, most often used in the context
of DPDK, which isn't enabled in the Debian packaging.  In addition, the
fact that it's a buffer overread (which makes it difficult to use to
crash OVS or change its behavior) and the fact that end-to-end TCP
checksum verification would catch it lead me to believe that this is
only "normal" severity, so I'm updating it (with this email).

Thanks,

Ben.
