Bug 620200 (CVE-2017-9214) - <net-misc/openvswitch-2.7.0-r3: Integer underflow in the ofputil_pull_queue_get_config_reply10 function (CVE-2017-9214)
Summary: <net-misc/openvswitch-2.7.0-r3: Integer underflow in the ofputil_pull_queue_g...
Status: RESOLVED FIXED
Alias: CVE-2017-9214
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: 596206 625282
Blocks:
Reported: 2017-05-30 14:28 UTC by Agostino Sarubbo
Modified: 2018-03-16 17:33 UTC

See Also:
Package list:
net-misc/openvswitch-2.7.0-r3 dev-python/twisted-16.6.0-r1 dev-python/incremental-16.10.1 dev-python/constantly-15.1.0 dev-python/hyper-h2-2.5.1 dev-python/hyperframe-4.0.1 dev-python/priority-1.3.0 dev-python/hpack-2.3.0-r1
Runtime testing required: ---
stable-bot: sanity-check+

Description Agostino Sarubbo gentoo-dev 2017-05-30 14:28:14 UTC
From ${URL} :

A vulnerability in openvswitch was found. While parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.

References:

https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
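
The class of bug described above, as an added example that is not code from Open vSwitch or from the original report: a length-prefixed record parser in which an unsigned subtraction wraps, next to a version that validates the length field first. The record layout, `REC_HDR_LEN` and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified queue record header (not the OVS wire struct):
 * 4-byte queue id, 2-byte big-endian total length (header included), 2 pad. */
#define REC_HDR_LEN 8u

static unsigned rec_len(const uint8_t *p)
{
    return ((unsigned)p[4] << 8) | p[5];
}

/* Unchecked arithmetic: returns how many property bytes a parser would try
 * to consume after the header. When the length field is smaller than the
 * header, the unsigned subtraction wraps to a huge value, which is the
 * condition that leads to a buffer over-read. */
unsigned props_len_unchecked(const uint8_t *rec)
{
    unsigned len = rec_len(rec);
    return len - REC_HDR_LEN;          /* wraps when len < 8 */
}

/* Hardened: validate before subtracting. Returns 0 and stores the property
 * length on success, -1 if the record is truncated or its length field is
 * inconsistent with the bytes actually available. */
int props_len_checked(const uint8_t *buf, size_t avail, size_t *out)
{
    if (avail < REC_HDR_LEN)
        return -1;                     /* header itself is incomplete */
    size_t len = rec_len(buf);
    if (len < REC_HDR_LEN || len > avail)
        return -1;                     /* would underflow or run past buffer */
    *out = len - REC_HDR_LEN;
    return 0;
}

/* Constructed sample records. */
static const uint8_t good_rec[16] = {0,0,0,1, 0,16, 0,0, 1,2,3,4,5,6,7,8};
static const uint8_t bad_rec[8]   = {0,0,0,1, 0,4,  0,0};  /* len=4 < header */

int main(void)
{
    size_t n = 0;
    int ok  = props_len_checked(good_rec, sizeof good_rec, &n);
    int bad = props_len_checked(bad_rec, sizeof bad_rec, &n);
    return !(ok == 0 && bad == -1);
}
```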
Comment 1 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2017-05-30 16:33:09 UTC
2.7.0-r3 has the fix, not sure how to make this a stable bug as I don't want to remove it from security/vulnerabilities, but it needs x86/amd64
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-08 23:28:42 UTC
@ Arches,

please test and mark stable: =net-misc/openvswitch-2.7.0-r3
Comment 3 Stabilization helper bot gentoo-dev 2017-06-09 00:01:00 UTC
An automated check of this bug failed - repoman reported dependency errors (41 lines truncated): 

> dependency.bad net-misc/openvswitch/openvswitch-2.7.0-r3.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['dev-python/twisted[conch,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)]']
> dependency.bad net-misc/openvswitch/openvswitch-2.7.0-r3.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['dev-python/twisted[conch,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)]']
> dependency.bad net-misc/openvswitch/openvswitch-2.7.0-r3.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['dev-python/twisted[conch,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)]']
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-09 12:36:34 UTC
Adding required python deps...
Comment 5 Stabilization helper bot gentoo-dev 2017-06-09 13:01:41 UTC
An automated check of this bug failed - repoman reported dependency errors (60 lines truncated): 

> dependency.bad dev-python/hyper-h2/hyper-h2-2.5.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=dev-python/hyperframe-4.0.1[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hyperframe-5.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '>=dev-python/hpack-2.2.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hpack-3.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']
> dependency.bad dev-python/hyper-h2/hyper-h2-2.5.1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=dev-python/hyperframe-4.0.1[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hyperframe-5.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '>=dev-python/hpack-2.2.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hpack-3.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']
> dependency.bad dev-python/hyper-h2/hyper-h2-2.5.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=dev-python/hyperframe-4.0.1[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hyperframe-5.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '>=dev-python/hpack-2.2.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hpack-3.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']
> dependency.bad dev-python/twisted/twisted-16.6.0-r1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=dev-python/priority-1.1.0[python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/priority-2.0[python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']
> dependency.bad dev-python/twisted/twisted-16.6.0-r1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=dev-python/priority-1.1.0[python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/priority-2.0[python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']
> dependency.bad dev-python/twisted/twisted-16.6.0-r1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0/desktop/gnome) ['>=dev-python/priority-1.1.0[python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/priority-2.0[python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']
Comment 6 Stabilization helper bot gentoo-dev 2017-06-09 14:01:30 UTC
An automated check of this bug failed - repoman reported dependency errors (41 lines truncated): 

> dependency.bad dev-python/hyper-h2/hyper-h2-2.5.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=dev-python/hpack-2.2.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hpack-3.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']
> dependency.bad dev-python/hyper-h2/hyper-h2-2.5.1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=dev-python/hpack-2.2.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hpack-3.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']
> dependency.bad dev-python/hyper-h2/hyper-h2-2.5.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=dev-python/hpack-2.2.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hpack-3.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']
Comment 7 Agostino Sarubbo gentoo-dev 2017-06-10 13:20:37 UTC
I get the same failure reported in 596206
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2017-10-03 00:31:51 UTC
Already stable.

@ Maintainer(s): Please cleanup!
Comment 9 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2017-11-06 03:26:34 UTC
2.6.1 is needed by neutron, which is part of openstack, the ocata release specifically.  Ocata is set to be EOL'd 2018-02-26.  I'd suggest masking it instead, if possible.
Comment 10 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-03-15 21:50:16 UTC
(In reply to Matthew Thode ( prometheanfire ) from comment #9)
> 2.6.1 is needed by neutron, which is part of openstack, the ocata release
> specifically.  Ocata is set to be EOL'd 2018-02-26.  I'd suggest masking it
> instead, if possible.

Matthew, any news about Ocata? Are we ready to clean 2.6.1?

GLSA Vote: No.
Comment 11 Larry the Git Cow gentoo-dev 2018-03-16 15:35:07 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=02340d7eb201e301e4454563e97b706f5e938924

commit 02340d7eb201e301e4454563e97b706f5e938924
Author:     Matthew Thode <prometheanfire@gentoo.org>
AuthorDate: 2018-03-16 15:32:18 +0000
Commit:     Matthew Thode <prometheanfire@gentoo.org>
CommitDate: 2018-03-16 15:34:48 +0000

    net-misc/openvswitch: remove 2.6.1 for bug 620200
    
    Bug: https://bugs.gentoo.org/620200
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 net-misc/openvswitch/Manifest                 |   1 -
 net-misc/openvswitch/openvswitch-2.6.1.ebuild | 155 --------------------------
 2 files changed, 156 deletions(-)