- Vulnerability/
- RHSA-2020:2297
RHSA-2020:2297: Moderate: openvswitch2.11 security, bug fix and enhancement update
First published: Tue May 26 2020(Updated: )
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.<br>Security Fix(es):<br><li> dpdk: librte_vhost Interger overflow in vhost_user_set_log_base() (CVE-2020-10722)</li> <li> dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair() (CVE-2020-10723)</li> <li> dpdk: librte_vhost Missing inputs validation in Vhost-crypto (CVE-2020-10724)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Bug Fix(es):<br><li> [RHEL8] Update OVS 2.11 to last branch-2.11 commit and DPDK 18.11.7 (BZ#1822654)</li> <li> [RHEL8] ingress qdisc gets removed (BZ#1826827)</li>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/openvswitch2.11 | <2.11.0-54.20200327gita4efc59.el8fd | 2.11.0-54.20200327gita4efc59.el8fd |
| redhat/network-scripts-openvswitch2.11 | <2.11.0-54.20200327gita4efc59.el8fd | 2.11.0-54.20200327gita4efc59.el8fd |
| redhat/openvswitch2.11-debuginfo | <2.11.0-54.20200327gita4efc59.el8fd | 2.11.0-54.20200327gita4efc59.el8fd |
| redhat/openvswitch2.11-debugsource | <2.11.0-54.20200327gita4efc59.el8fd | 2.11.0-54.20200327gita4efc59.el8fd |
| redhat/openvswitch2.11-devel | <2.11.0-54.20200327gita4efc59.el8fd | 2.11.0-54.20200327gita4efc59.el8fd |
| redhat/openvswitch2.11-test | <2.11.0-54.20200327gita4efc59.el8fd | 2.11.0-54.20200327gita4efc59.el8fd |
| redhat/python3-openvswitch2.11 | <2.11.0-54.20200327gita4efc59.el8fd | 2.11.0-54.20200327gita4efc59.el8fd |
| redhat/python3-openvswitch2.11-debuginfo | <2.11.0-54.20200327gita4efc59.el8fd | 2.11.0-54.20200327gita4efc59.el8fd |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1822654
- https://bugzilla.redhat.com/show_bug.cgi?id=1828867
- https://bugzilla.redhat.com/show_bug.cgi?id=1828874
- https://bugzilla.redhat.com/show_bug.cgi?id=1828884
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/errata/RHSA-2020:2297 (Advisory)
Frequently Asked Questions
What is the severity of RHSA-2020:2297?
The severity of RHSA-2020:2297 is classified as important.
How do I fix RHSA-2020:2297?
To fix RHSA-2020:2297, you need to update the openvswitch packages to version 2.11.0-54.20200327gita4efc59.el8fd.
What specific vulnerabilities are addressed in RHSA-2020:2297?
RHSA-2020:2297 addresses an integer overflow vulnerability in vhost_user_set_log_base() (CVE-2020-10722).
Which versions of openvswitch are affected by RHSA-2020:2297?
RHSA-2020:2297 affects openvswitch version 2.11.0-54.20200327gita4efc59.el8fd and earlier.
Is it necessary to reboot after applying the fix for RHSA-2020:2297?
Yes, it is recommended to reboot the system after applying the fix for RHSA-2020:2297 to ensure all changes take effect.
- agent/severity
- agent/references
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2020:2297
- agent/software-canonical-lookup
- agent/remedy
- agent/title
- agent/description
- agent/event
- agent/trending
- agent/tags
- agent/source
- package-manager/redhat