PublicDateAtUSN: 2018-09-19
Candidate: CVE-2018-17204
PublicDate: 2018-09-19 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17204
 https://ubuntu.com/security/notices/USN-3873-1
Description:
 An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6,
 affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When
 decoding a group mod, it validates the group type and command after the
 whole group mod has been decoded. The OF1.5 decoder, however, tries to use
 the type and command earlier, when it might still be invalid. This causes
 an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable
 support for OpenFlow 1.5 by default.
Ubuntu-Description:
Notes:
 mdeslaur> openflow 1.5 not enabled by default
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L [4.3 MEDIUM]
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L [4.3 MEDIUM]


Patches_openvswitch:
 upstream: https://github.com/openvswitch/ovs/commit/9740d81d94888cb158fa99a9366fe2b32b3e4aaa (master)
 upstream: https://github.com/openvswitch/ovs/commit/8976ea1d680ab7a2d726a50e5666aa8fefd24168 (branch-2.8)
 upstream: https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde (branch-2.7)
 upstream: https://github.com/openvswitch/ovs/commit/0e6eb58f53d63b79d3a8c6936b0ef72cdd082bdb (2.9)
 upstream: https://github.com/openvswitch/ovs/commit/94b443070fea2a15bc4768c35d59d46892cdc901 (2.5)
upstream_openvswitch: needs-triage
precise/esm_openvswitch: DNE
trusty_openvswitch: not-affected (code not present)
trusty/esm_openvswitch: DNE (trusty was not-affected [code not present])
xenial_openvswitch: released (2.5.5-0ubuntu0.16.04.2)
esm-infra/xenial_openvswitch: released (2.5.5-0ubuntu0.16.04.2)
bionic_openvswitch: released (2.9.2-0ubuntu0.18.04.3)
cosmic_openvswitch: not-affected (2.10.0-0ubuntu2)
devel_openvswitch: not-affected (2.10.0-0ubuntu2)