Synopsis

Moderate: openvswitch security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for openvswitch is now available for Red Hat OpenStack Platform 12.0 (Pike).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

• dpdk: Information exposure in unchecked guest physical to host virtual address translations (CVE-2018-1059)
  

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Maxime Coquelin (Red Hat).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat OpenStack 12 x86_64
• Red Hat OpenStack for IBM Power 12 ppc64le

Fixes

• BZ - 1544298 - CVE-2018-1059 dpdk: Information exposure in unchecked guest physical to host virtual address translations
• BZ - 1547518 - Need an openvswitch-test package that can be installed along with python-openvswitch from OSP repo [openstack-12]
• BZ - 1561969 - Backport from master OVS for "LACP: check active partner sys id"
• BZ - 1583749 - openvswitch-2.9.0-19.el7fdp installs /var/log/openvswitch with permissions 0755 [openstack-12]

CVEs

• CVE-2018-1059

References

• https://access.redhat.com/security/updates/classification/#moderate

Red Hat OpenStack 12

SRPM
openvswitch-2.9.0-19.el7fdp.1.src.rpm	SHA-256: 0c4d87981f29148ac17f76f76ec0d3d7a12f6de111a84afe6fe8ae66f92959d0
x86_64
openvswitch-2.9.0-19.el7fdp.1.x86_64.rpm	SHA-256: 218536bf82fa18dfb673f0a4898299d86a2043058678156bffbfe4b57b75eaea
openvswitch-debuginfo-2.9.0-19.el7fdp.1.x86_64.rpm	SHA-256: b76a13b2bb5e46af9ff348ba821ff11ff7f8c73feac17b32544e48586d29076c
openvswitch-ovn-central-2.9.0-19.el7fdp.1.x86_64.rpm	SHA-256: d20a1f387b0207ffd95c416e5a37d044453aa61e4c8c668cfb359e689ff4f421
openvswitch-ovn-common-2.9.0-19.el7fdp.1.x86_64.rpm	SHA-256: 6a92571fa83b29b582c3d954bbec5be6557058749342dc03a81947c10ae06d99
openvswitch-ovn-host-2.9.0-19.el7fdp.1.x86_64.rpm	SHA-256: b63222f181a675f8f586498333a53434c9c1cff938331f5cc11a58a798d83354
openvswitch-ovn-vtep-2.9.0-19.el7fdp.1.x86_64.rpm	SHA-256: 26bebd8f90a0f7b49f10ed3105495b290922067bf44ab0860ff726c8a75b5e59
openvswitch-test-2.9.0-19.el7fdp.1.noarch.rpm	SHA-256: 2c4744ad1582f0feb9951e5b2b9f4a581fc2c781217d11db368d5e0354b0eb0e
python-openvswitch-2.9.0-19.el7fdp.1.noarch.rpm	SHA-256: 406e954ae230801e63c29b1b7c9c85941493345d6d345abd545417563f4ec827

Red Hat OpenStack for IBM Power 12

SRPM
ppc64le
openvswitch-2.9.0-19.el7fdp.1.ppc64le.rpm	SHA-256: ef91e9934f3e3e237383b5cc4e4afd29dca0d388ad8eb0c143173b0262cafe2e
openvswitch-debuginfo-2.9.0-19.el7fdp.1.ppc64le.rpm	SHA-256: 4f8ba17a035a53bf328f662321f6dd33d7eeff430056752934befeda75fa966a
openvswitch-ovn-central-2.9.0-19.el7fdp.1.ppc64le.rpm	SHA-256: f20130e2e228d516e3f7f02bcb7d6b3d527c8d5fe7f59f92bcd98e19f84c6e17
openvswitch-ovn-common-2.9.0-19.el7fdp.1.ppc64le.rpm	SHA-256: 1f6ce7f9f771d70de37f8eed0e2ee944d9d1e1bac47a7723cc6583d8879e619f
openvswitch-ovn-host-2.9.0-19.el7fdp.1.ppc64le.rpm	SHA-256: 3abae04a23d6836e6a877a9718957811a83156d9334db330d485b91a15d1113a
openvswitch-ovn-vtep-2.9.0-19.el7fdp.1.ppc64le.rpm	SHA-256: d51d945a00e949f9985ba9ddf31b0ea8553851b791f19d216368d8cd60a24277
openvswitch-test-2.9.0-19.el7fdp.1.noarch.rpm	SHA-256: 2c4744ad1582f0feb9951e5b2b9f4a581fc2c781217d11db368d5e0354b0eb0e
python-openvswitch-2.9.0-19.el7fdp.1.noarch.rpm	SHA-256: 406e954ae230801e63c29b1b7c9c85941493345d6d345abd545417563f4ec827