Bug 21121

Summary: openvswitch new security issues CVE-2017-9214, CVE-2017-926[3-5], and CVE-2017-14970
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Joseph Wang <joequant>
Status: RESOLVED OLD
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: marja11
Version: 5
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: openvswitch-1.11.0-8.mga6.src.rpm
CVE:
Status comment: Package hasn't been updated in almost 4 years, should probably be dropped

Description David Walser 2017-06-21 12:15:11 CEST
Fedora has issued an advisory on June 19:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DCJRYNE7QKMEYDFPNVS27DVM37K22WXM/

Mageia 5 is also affected.

David Walser 2017-06-21 12:15:19 CEST

Whiteboard: (none) => MGA5TOO

Comment 1 Marja Van Waes 2017-06-21 13:09:52 CEST
Assigning to the registered maintainer.

Assignee: bugsquad => joequant
CC: (none) => marja11

Comment 2 David Walser 2017-06-24 18:52:42 CEST
I'm not sure we're really affected by these.  Fedora only patches these CVEs for openvswitch 2.7.0.  For 2.5.0, they only patched CVE-2016-10377, which may or may not affect us.  We have a really old version and this package hasn't been updated in almost four years.  We should probably drop it.

Status comment: (none) => Package hasn't been updated in almost 4 years, should probably be dropped

Comment 3 David Walser 2017-07-07 12:02:33 CEST
Dropped for Mageia 6.

Whiteboard: MGA5TOO => (none)
Version: Cauldron => 5

Comment 4 David Walser 2017-08-19 14:13:39 CEST
openSUSE has issued an advisory on August 18:
https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00057.html

I'm not sure if Mageia 5 is affected.

Summary: openvswitch new security issues CVE-2017-9214 and CVE-2017-9264 => openvswitch new security issues CVE-2017-9214 and CVE-2017-926[3-5]

Comment 5 David Walser 2017-10-11 17:01:48 CEST
Ubuntu has issued an advisory for this today (October 11):
https://usn.ubuntu.com/usn/usn-3450-1/

Comment 6 David Walser 2017-10-16 23:24:07 CEST
Fedora has issued an advisory for this today (October 16):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/V4WMXBMYHAPZINK5VBGGCWVVNXLBHFCQ/

Summary: openvswitch new security issues CVE-2017-9214 and CVE-2017-926[3-5] => openvswitch new security issues CVE-2017-9214, CVE-2017-926[3-5], and CVE-2017-14970

Comment 7 David Walser 2017-12-27 05:07:40 CET
This package is unsupported.

Resolution: (none) => OLD
Status: NEW => RESOLVED