openvswitch: denial of service (CVE-2020-27827)

Multiple versions of Open vSwitch are vulnerable to denial of service attacks in which crafted LLDP packets could cause memory to be lost when allocating data to handle specific optional TLVs. Triggering the vulnerability requires LLDP processing to be enabled for a specific port. Open vSwitch versions before 2.5.x are not vulnerable.

We recommend that users of Open vSwitch apply the included patch, or upgrade to a known patched version of Open vSwitch. These include:

2.14.1
2.13.2
2.12.2
2.11.5
2.10.6
2.9.8
2.8.10
2.7.12
2.6.9

Reference:

https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html

Affected branches:

master
3.13-stable

Edited Jan 26, 2021 by Leo

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information