Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 632656

Summary: dev-python/ovs: multiple memory leaks while parsing malformed OpenFlow group mod messages
Product: Gentoo Security Reporter: Aleksandr Wagner (Kivak) <alwag>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal CC: prometheanfire
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: C4 [ebuild]
Package list:
Runtime testing required: ---

Description Aleksandr Wagner (Kivak) 2017-10-01 20:46:14 UTC 
CVE-2017-14970 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14970):

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. 

References:

https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html
https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html

@Maintainer(s): Please provide an updated ebuild, thank you.
Comment 1 Aleksandr Wagner (Kivak) 2017-10-04 00:28:56 UTC 
@ Maintainer(s): Please confirm that this package is vulnerable. Bug 633420 for the package net-misc/openvswitch might also be vulnerable.
Comment 2 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2017-10-04 00:43:25 UTC 
don't think this applies, this is just the python library.

https://github.com/openvswitch/ovs/tree/v2.8.1/python