Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:0311-1

Опубликовано: 31 янв. 2018
Источник: suse-cvrf

Описание

Security update for openvswitch

This update for openvswitch fixes the following issues:

  • CVE-2017-9263: While parsing an OpenFlow role status message, there is a call to the abort() functio for undefined role status reasons in the function ofp_print_role_status_message in lib/ofp-print.c that may be leveraged toward a remote DoS attack by a malicious switch. (bsc#1041470)
  • CVE-2017-9265: Buffer over-read while parsing the group mod OpenFlow message sent from the controller in lib/ofp-util.c in the function ofputil_pull_ofp15_group_mod.(bsc#1041447)
  • CVE-2017-9214: While parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function ofputil_pull_queue_get_config_reply10 in lib/ofp-util.c. (bsc#1040543)
  • CVE-2017-14970: In lib/ofp-util.c, there are multiple memory leaks while parsing malformed OpenFlow group mod messages.(bsc#1061310)

Список пакетов

SUSE Linux Enterprise Server 12 SP2
openvswitch-2.5.1-25.12.7
openvswitch-dpdk-2.5.1-25.12.8
openvswitch-dpdk-switch-2.5.1-25.12.8
openvswitch-switch-2.5.1-25.12.7
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
openvswitch-2.5.1-25.12.7
openvswitch-switch-2.5.1-25.12.7
SUSE Linux Enterprise Server for SAP Applications 12 SP2
openvswitch-2.5.1-25.12.7
openvswitch-dpdk-2.5.1-25.12.8
openvswitch-dpdk-switch-2.5.1-25.12.8
openvswitch-switch-2.5.1-25.12.7

Ссылки

Описание

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."

Затронутые продукты
SUSE Linux Enterprise Server 12 SP2:openvswitch-2.5.1-25.12.7
SUSE Linux Enterprise Server 12 SP2:openvswitch-dpdk-2.5.1-25.12.8
SUSE Linux Enterprise Server 12 SP2:openvswitch-dpdk-switch-2.5.1-25.12.8
SUSE Linux Enterprise Server 12 SP2:openvswitch-switch-2.5.1-25.12.7
Ссылки

Описание

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP2:openvswitch-2.5.1-25.12.7
SUSE Linux Enterprise Server 12 SP2:openvswitch-dpdk-2.5.1-25.12.8
SUSE Linux Enterprise Server 12 SP2:openvswitch-dpdk-switch-2.5.1-25.12.8
SUSE Linux Enterprise Server 12 SP2:openvswitch-switch-2.5.1-25.12.7
Ссылки

Описание

In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP2:openvswitch-2.5.1-25.12.7
SUSE Linux Enterprise Server 12 SP2:openvswitch-dpdk-2.5.1-25.12.8
SUSE Linux Enterprise Server 12 SP2:openvswitch-dpdk-switch-2.5.1-25.12.8
SUSE Linux Enterprise Server 12 SP2:openvswitch-switch-2.5.1-25.12.7
Ссылки

Описание

In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP2:openvswitch-2.5.1-25.12.7
SUSE Linux Enterprise Server 12 SP2:openvswitch-dpdk-2.5.1-25.12.8
SUSE Linux Enterprise Server 12 SP2:openvswitch-dpdk-switch-2.5.1-25.12.8
SUSE Linux Enterprise Server 12 SP2:openvswitch-switch-2.5.1-25.12.7
Ссылки