Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2017:2727 - Security Advisory
Issued:
2017-09-13
Updated:
2017-09-13

RHSA-2017:2727 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: openvswitch security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openvswitch is now available for Red Hat OpenStack Platform 11.0 (Ocata).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

  • An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch (OvS). An attacker could use this issue to cause a remote denial of service attack. (CVE-2017-9214)
  • While parsing an OpenFlow role status message Open vSwitch (OvS), a call to the abort() function for undefined role status reasons in the function 'ofp_print_role_status_message' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch. (CVE-2017-9263)
  • A buffer over-read was found in the Open vSwitch (OvS) firewall implementation. This flaw can be triggered by parsing a specially crafted TCP, UDP, or IPv6 packet. A remote attack could use this flaw to cause a Denial of Service (DoS). (CVE-2017-9264)
  • A buffer over-read issue was found in Open vSwitch (OvS) which emerged while parsing the GroupMod OpenFlow messages sent from the controller. The issue could enable an attacker to cause a denial of service type of attack. (CVE-2017-9265)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenStack 11 x86_64

Fixes

  • BZ - 1456795 - CVE-2017-9214 openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function
  • BZ - 1457327 - CVE-2017-9263 openvswitch: Invalid processing of a malicious OpenFlow role status message
  • BZ - 1457329 - CVE-2017-9264 openvswitch: Buffer over-read while parsing malformed TCP, UDP and IPv6 packets
  • BZ - 1457335 - CVE-2017-9265 openvswitch: Buffer over-read while parsing the group mod OpenFlow message

CVEs

  • CVE-2017-9214
  • CVE-2017-9263
  • CVE-2017-9264
  • CVE-2017-9265

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 11

SRPM
openvswitch-2.6.1-13.git20161206.el7ost.src.rpm SHA-256: 917cae41a326e27356a45e45bd863dca22592cccb3f706e232155a0c32992e18
x86_64
openvswitch-2.6.1-13.git20161206.el7ost.x86_64.rpm SHA-256: 7143a817f39d1d808e53c9d80e41b2c67b85ad89a15f5bc01169553d1fa1fc8a
openvswitch-debuginfo-2.6.1-13.git20161206.el7ost.x86_64.rpm SHA-256: eed8aa620ea51c8709bd8d849cf77c69de5a45e6bc070f96c874dbe181e58193
openvswitch-ovn-central-2.6.1-13.git20161206.el7ost.x86_64.rpm SHA-256: 81961f1b9bbb1309ae0ec14ebe2369bfac17007e3c38af9908ffb2cb6985457e
openvswitch-ovn-common-2.6.1-13.git20161206.el7ost.x86_64.rpm SHA-256: c33a4b2da14f494c4635a3e21cd5c5888369fb46ea68fb4edb33fc81c4de4a91
openvswitch-ovn-docker-2.6.1-13.git20161206.el7ost.x86_64.rpm SHA-256: ff2cbac80453eb236170a08ff0ee0730e445a1bada9647b50f806705d9105252
openvswitch-ovn-host-2.6.1-13.git20161206.el7ost.x86_64.rpm SHA-256: 3506d60fe9c1b39e96cfc5093355deba83808710ee23dccfdfaaccc0cd31979c
openvswitch-ovn-vtep-2.6.1-13.git20161206.el7ost.x86_64.rpm SHA-256: 8a4df1d3c9e182ab98f0adcc962d21aaeff6389069e2eb170d298e97df6a31e6
python-openvswitch-2.6.1-13.git20161206.el7ost.noarch.rpm SHA-256: cec100594688ed132351b1709d6eb387555310d59cd0b6fbb46d1e3b1500a583

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility