SUSE-SU-2018:0311-1 -- SLES openvswitchID: oval:org.secpod.oval:def:89002115 | Date: (C)2021-02-25 (M)2022-10-10 |
Class: PATCH | Family: unix |
This update for openvswitch fixes the following issues: * CVE-2017-9263: While parsing an OpenFlow role status message, there is a call to the abort functio for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. * CVE-2017-9265: Buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. * CVE-2017-9214: While parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. * CVE-2017-14970: In lib/ofp-util.c, there are multiple memory leaks while parsing malformed OpenFlow group mod messages.
Platform: |
SUSE Linux Enterprise Server 12 SP2 |