Oval Definition:oval:org.opensuse.security:def:201714970
Revision Date:2022-05-22Version:1
Title:CVE-2017-14970
Description:

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-14970
SUSE-SU-2017:3232-1
SUSE-SU-2018:0311-1
SUSE-SU-2018:0505-1
openSUSE-SU-2017:3238-1
Mitre CVE-2017-14970
SUSE CVE-2017-14970
SUSE-SU-2017:3232-1
SUSE-SU-2018:0311-1
SUSE-SU-2018:0505-1
openSUSE-SU-2017:3238-1
Platform(s):openSUSE Leap 42.3
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE OpenStack Cloud 6
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND openvswitch-2.7.0-3.10.1 is installed
    • Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • openvswitch-2.7.0-7 is installed
  • AND openvswitch is signed with openSUSE key
  • OR
  • openvswitch-devel-2.7.0-7 is installed
  • AND openvswitch-devel is signed with openSUSE key
  • OR
  • openvswitch-ovn-central-2.7.0-7 is installed
  • AND openvswitch-ovn-central is signed with openSUSE key
  • OR
  • openvswitch-ovn-common-2.7.0-7 is installed
  • AND openvswitch-ovn-common is signed with openSUSE key
  • OR
  • openvswitch-ovn-docker-2.7.0-7 is installed
  • AND openvswitch-ovn-docker is signed with openSUSE key
  • OR
  • openvswitch-ovn-host-2.7.0-7 is installed
  • AND openvswitch-ovn-host is signed with openSUSE key
  • OR
  • openvswitch-ovn-vtep-2.7.0-7 is installed
  • AND openvswitch-ovn-vtep is signed with openSUSE key
  • OR
  • openvswitch-pki-2.7.0-7 is installed
  • AND openvswitch-pki is signed with openSUSE key
  • OR
  • openvswitch-test-2.7.0-7 is installed
  • AND openvswitch-test is signed with openSUSE key
  • OR
  • openvswitch-vtep-2.7.0-7 is installed
  • AND openvswitch-vtep is signed with openSUSE key
  • OR
  • python-openvswitch-2.7.0-7 is installed
  • AND python-openvswitch is signed with openSUSE key
  • OR
  • python-openvswitch-test-2.7.0-7 is installed
  • AND python-openvswitch-test is signed with openSUSE key
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • openvswitch-2.5.1-25.12.7 is installed
  • OR openvswitch-dpdk-2.5.1-25.12.8 is installed
  • OR openvswitch-dpdk-switch-2.5.1-25.12.8 is installed
  • OR openvswitch-switch-2.5.1-25.12.7 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND
  • openvswitch-2.5.1-25.12 is installed
  • OR openvswitch-dpdk-2.5.1-25.12 is installed
  • OR openvswitch-dpdk-switch-2.5.1-25.12 is installed
  • OR openvswitch-switch-2.5.1-25.12 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND openvswitch-2.7.0-3.10 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND
  • openvswitch-2.5.1-25.12 is installed
  • OR openvswitch-switch-2.5.1-25.12 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • openvswitch-2.5.1-6.4 is installed
  • OR openvswitch-kmp-default-2.5.1_k3.12.74_60.64.69-6.4 is installed
  • OR openvswitch-kmp-xen-2.5.1_k3.12.74_60.64.69-6.4 is installed
  • OR openvswitch-switch-2.5.1-6.4 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
  • AND openvswitch-2.7.0-3.10.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND
  • openvswitch-2.5.1-25.12.7 is installed
  • OR openvswitch-switch-2.5.1-25.12.7 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed
  • AND
  • openvswitch-2.5.1-25.12.7 is installed
  • OR openvswitch-dpdk-2.5.1-25.12.8 is installed
  • OR openvswitch-dpdk-switch-2.5.1-25.12.8 is installed
  • OR openvswitch-switch-2.5.1-25.12.7 is installed
    • BACK