[3.1] openvswitch: MPLS buffer overflow vulnerabilities (CVE-2016-2074)
Multiple versions of Open vSwitch are vulnerable to remote buffer
overflow attacks, in which crafted MPLS
packets could overflow the buffer reserved for MPLS labels in an OVS
internal data structure.
Open vSwitch 2.1.x and earlier are not vulnerable.
In Open vSwitch 2.2.x and 2.3.x, the MPLS buffer overflow can be exploited for arbitrary remote code execution.
In Open vSwitch 2.4.x, the MPLS buffer overflow does not obviously
lead to a remote code execution exploit,
but testing shows that it can allow a remote denial of service.
Open vSwitch 2.5.x is not vulnerable.
References and patch:
http://openvswitch.org/pipermail/announce/2016-March/000082.html
(from redmine: issue id 5339, created on 2016-03-29, closed on 2016-04-12)
- Relations:
- parent #5336 (closed)
- Changesets:
- Revision 6499705e on 2016-04-06T14:17:05Z:
main/openvswitch: security fix (CVE-2016-2074). Fixes #5339
(cherry picked from commit 3f597cd91f6b9a54ac5d7ece8cf44dd376f0cb60)