Bug 1061310 - (CVE-2017-14970) VUL-0: CVE-2017-14970: openvswitch: multiple memory leaks in lib/ofp-util.c
(CVE-2017-14970)
VUL-0: CVE-2017-14970: openvswitch: multiple memory leaks in lib/ofp-util.c
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Markos Chandras
Security Team bot
https://smash.suse.de/issue/192712/
CVSSv3:SUSE:CVE-2017-14970:5.3:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-10-02 15:58 UTC by Alexander Bergmann
Modified: 2018-04-25 14:47 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Markos Chandras 2017-10-02 20:33:26 UTC
openvswitch-2.8.1 is already on its way to Factory but I will submit an updated version to include this bug report and the cve reference as well
Comment 2 Markos Chandras 2017-10-04 08:32:48 UTC
2.8.1 is now in Factory. Assigning back to the security team
Comment 3 Marcus Meissner 2017-11-29 08:34:16 UTC
You are also supposed to fix older codestreams

12-sp3 seems affected.
12-sp2 seems affected.

SUSE:SLE-12-SP1:Update:Products:Cloud6:Update/openvswitch seems affected


11-sp3 seems to be not affected.
Comment 8 Swamp Workflow Management 2017-12-07 20:11:05 UTC
SUSE-SU-2017:3232-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1054094,1057357,1061310
CVE References: CVE-2017-14970
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    openvswitch-2.7.0-3.10.1
Comment 9 Swamp Workflow Management 2017-12-08 11:09:19 UTC
openSUSE-SU-2017:3238-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1054094,1057357,1061310
CVE References: CVE-2017-14970
Sources used:
openSUSE Leap 42.3 (src):    openvswitch-2.7.0-7.1
Comment 10 Swamp Workflow Management 2018-01-31 14:07:35 UTC
SUSE-SU-2018:0311-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1040543,1041447,1041470,1061310
CVE References: CVE-2017-14970,CVE-2017-9214,CVE-2017-9263,CVE-2017-9265
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    openvswitch-2.5.1-25.12.7
SUSE Linux Enterprise Server 12-SP2 (src):    openvswitch-2.5.1-25.12.7, openvswitch-dpdk-2.5.1-25.12.8
Comment 11 Swamp Workflow Management 2018-02-21 11:11:26 UTC
SUSE-SU-2018:0505-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1040543,1041447,1041470,1050896,1061310
CVE References: CVE-2017-14970,CVE-2017-9214,CVE-2017-9263,CVE-2017-9265
Sources used:
SUSE OpenStack Cloud 6 (src):    openvswitch-2.5.1-6.4.7
Comment 12 Marcus Meissner 2018-02-21 20:48:16 UTC
released