File _patchinfo of Package patchinfo.6197
<patchinfo incident="6197">
  <issue id="1041470" tracker="bnc">VUL-0: CVE-2017-9263: openvswitch: OpenFlow role status message can cause a call to abort()</issue>
  <issue id="1040543" tracker="bnc">VUL-0: CVE-2017-9214: openvswitch: buffer over-read when parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message</issue>
  <issue id="1041447" tracker="bnc">VUL-0: CVE-2017-9265: openvswitch: Buffer over-read while parsing the group mod OpenFlow message sent from the controller</issue>
  <issue id="1061310" tracker="bnc">VUL-0: CVE-2017-14970: openvswitch: multiple memory leaks in lib/ofp-util.c</issue>
  <issue id="2017-9265" tracker="cve" />
  <issue id="2017-9214" tracker="cve" />
  <issue id="2017-14970" tracker="cve" />
  <issue id="2017-9263" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>markoschandras</packager>
  <description>This update for openvswitch fixes the following issues:

* CVE-2017-9263: While parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. (bsc#1041470)
* CVE-2017-9265: Buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. (bsc#1041447)
* CVE-2017-9214: While parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. (bsc#1040543)
* CVE-2017-14970: In lib/ofp-util.c, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. (bsc#1061310)
</description>
  <summary>Security update for openvswitch</summary>
</patchinfo>