Arch Linux Security Advisory ASA-202101-28 ========================================== Severity: Medium Date : 2021-01-20 CVE-ID : CVE-2015-8011 CVE-2020-27827 Package : openvswitch Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1456 Summary ======= The package openvswitch before version 2.14.1-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure. Resolution ========== Upgrade to 2.14.1-1. # pacman -Syu "openvswitch>=2.14.1-1" The problems have been fixed upstream in version 2.14.1. Workaround ========== None. Description =========== - CVE-2015-8011 (arbitrary code execution) A buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. - CVE-2020-27827 (information disclosure) A security issue was found in lldpd before version 1.0.8. A packet that contains multiple instances of certain TLVs will cause lldpd to continually allocate memory and leak the old memory. As an example, multiple instances of system name TLV will cause old values to be dropped by the decoding routine. Impact ====== A remote attacker can leak information or possibly execute arbitrary code through crafted packets. References ========== https://www.openwall.com/lists/oss-security/2015/10/16/2 https://github.com/lldpd/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2 https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000268.html https://github.com/openvswitch/ovs/pull/335 https://github.com/openvswitch/ovs/commit/ec51fc90669e5fe1a2096581296d55b3acda6711 https://github.com/lldpd/lldpd/blob/master/NEWS https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61 https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html https://github.com/openvswitch/ovs/pull/337 https://github.com/openvswitch/ovs/commit/f915f32f5667e3b9d460055d8b47fa5d204ce83a https://security.archlinux.org/CVE-2015-8011 https://security.archlinux.org/CVE-2020-27827