Cumulus Networks Security Advisory Cumulus Linux 2.5.4

  • 16 November 2015
  • 0 replies
  • 131 views

Userlevel 5
-------------------------------------------------------------------------
Cumulus Networks®️ Security Advisory
2015-November-13
-------------------------------------------------------------------------

Description: In some configurations, flooded traffic from the primary VLAN ID of a bridge can be transmitted out of ports that are not assigned as a member of that VLAN. This can result in the associated broadcast, multicast and unknown destination traffic for the primary VLAN to be transmitted out from ports that should not receive the traffic.

Workaround: Executing "sudo ifdown [bridge]" followed by "sudo ifup [bridge]" of the bridge prevents the issue.

The Cumulus Linux http://repo.cumulusnetworks.com repository was updated with the latest security resolution to this issue.

This issue has a CVSS score of 3.4 (Low). We recommend that you upgrade Cumulus Linux and Cumulus RMP.

For instructions on how to apply the latest security upgrades, please refer to this Help Center article:
https://support.cumulusnetworks.com/hc/en-us/articles/201787906

We would like to thank Collin Crowell for reporting this issue.

If you have any questions, please contact us via:
https://support.cumulusnetworks.com/hc/en-us/requests/new

The Cumulus Networks Team
_______________________________________________
cumulus-security-announce mailing list
cumulus-security-announce@lists.cumulusnetworks.com
https://lists.cumulusnetworks.com/listinfo/cumulus-security-announce

This topic has been closed for comments