Bug 620200 (CVE-2017-9214)

Summary:	<net-misc/openvswitch-2.7.0-r3: Integer underflow in the ofputil_pull_queue_get_config_reply10 function (CVE-2017-9214)
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	dev-zero, dolsen, prometheanfire, virtualization
Priority:	Normal	Flags:	stable-bot: sanity-check+
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://bugzilla.redhat.com/show_bug.cgi?id=1456795
Whiteboard:	B3 [noglsa cve]
Package list:	net-misc/openvswitch-2.7.0-r3 dev-python/twisted-16.6.0-r1 dev-python/incremental-16.10.1 dev-python/constantly-15.1.0 dev-python/hyper-h2-2.5.1 dev-python/hyperframe-4.0.1 dev-python/priority-1.3.0 dev-python/hpack-2.3.0-r1	Runtime testing required:	---
Bug Depends on:	596206, 625282
Bug Blocks:

Description Agostino Sarubbo gentoo-dev

2017-05-30 14:28:14 UTC

From ${URL} :

A vulnerability in openvswitch was found. While parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function 
`ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.

References:

https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Matthew Thode ( prometheanfire ) archtester

2017-05-30 16:33:09 UTC

2.7.0-r3 has the fix, not sure how to make this a stable bug as I don't want to remove it from security/vunlerabilities, but it needs x86/amd64

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-08 23:28:42 UTC

@ Arches,

please test and mark stable: =net-misc/openvswitch-2.7.0-r3

Comment 3 Stabilization helper bot gentoo-dev

2017-06-09 00:01:00 UTC

An automated check of this bug failed - repoman reported dependency errors (41 lines truncated): 

> dependency.bad net-misc/openvswitch/openvswitch-2.7.0-r3.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['dev-python/twisted[conch,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)]']
> dependency.bad net-misc/openvswitch/openvswitch-2.7.0-r3.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['dev-python/twisted[conch,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)]']
> dependency.bad net-misc/openvswitch/openvswitch-2.7.0-r3.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['dev-python/twisted[conch,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)]']

Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-09 12:36:34 UTC

Adding required python deps...

Comment 5 Stabilization helper bot gentoo-dev

2017-06-09 13:01:41 UTC

An automated check of this bug failed - repoman reported dependency errors (60 lines truncated): 

> dependency.bad dev-python/hyper-h2/hyper-h2-2.5.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=dev-python/hyperframe-4.0.1[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hyperframe-5.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '>=dev-python/hpack-2.2.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hpack-3.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']
> dependency.bad dev-python/hyper-h2/hyper-h2-2.5.1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=dev-python/hyperframe-4.0.1[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hyperframe-5.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '>=dev-python/hpack-2.2.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hpack-3.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']
> dependency.bad dev-python/hyper-h2/hyper-h2-2.5.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=dev-python/hyperframe-4.0.1[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hyperframe-5.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '>=dev-python/hpack-2.2.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hpack-3.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']
> dependency.bad dev-python/twisted/twisted-16.6.0-r1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=dev-python/priority-1.1.0[python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/priority-2.0[python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']
> dependency.bad dev-python/twisted/twisted-16.6.0-r1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=dev-python/priority-1.1.0[python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/priority-2.0[python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']
> dependency.bad dev-python/twisted/twisted-16.6.0-r1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0/desktop/gnome) ['>=dev-python/priority-1.1.0[python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/priority-2.0[python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']

Comment 6 Stabilization helper bot gentoo-dev

2017-06-09 14:01:30 UTC

An automated check of this bug failed - repoman reported dependency errors (41 lines truncated): 

> dependency.bad dev-python/hyper-h2/hyper-h2-2.5.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=dev-python/hpack-2.2.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hpack-3.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']
> dependency.bad dev-python/hyper-h2/hyper-h2-2.5.1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=dev-python/hpack-2.2.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hpack-3.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']
> dependency.bad dev-python/hyper-h2/hyper-h2-2.5.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=dev-python/hpack-2.2.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]', '<dev-python/hpack-3.0.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)]']

Comment 7 Agostino Sarubbo gentoo-dev

2017-06-10 13:20:37 UTC

I get the same failure reported in 596206

Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev

2017-10-03 00:31:51 UTC

Already stable.

@ Maintainer(s): Please cleanup!

Comment 9 Matthew Thode ( prometheanfire ) archtester

2017-11-06 03:26:34 UTC

2.6.1 is needed by neutron, which is part of openstack, the ocata release specifically.  Ocata is set to be EOL'd 2018-02-26.  I'd suggest masking it instead, if possible.

Comment 10 Christopher Díaz Riveros (RETIRED) gentoo-dev

2018-03-15 21:50:16 UTC

(In reply to Matthew Thode ( prometheanfire ) from comment #9)
> 2.6.1 is needed by neutron, which is part of openstack, the ocata release
> specifically.  Ocata is set to be EOL'd 2018-02-26.  I'd suggest masking it
> instead, if possible.

Matthew any news about Ocata? are we ready to clean 2.6.1?

GLSA Vote: No.

Comment 11 Larry the Git Cow gentoo-dev

2018-03-16 15:35:07 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=02340d7eb201e301e4454563e97b706f5e938924

commit 02340d7eb201e301e4454563e97b706f5e938924
Author:     Matthew Thode <prometheanfire@gentoo.org>
AuthorDate: 2018-03-16 15:32:18 +0000
Commit:     Matthew Thode <prometheanfire@gentoo.org>
CommitDate: 2018-03-16 15:34:48 +0000

    net-misc/openvswitch: remove 2.6.1 for bug 620200
    
    Bug: https://bugs.gentoo.org/620200
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 net-misc/openvswitch/Manifest                 |   1 -
 net-misc/openvswitch/openvswitch-2.6.1.ebuild | 155 --------------------------
 2 files changed, 156 deletions(-)}