[Bug 1575119] Re: [SRU] Open vSwitch 2.4.1, 2.3.3 stable updates
James Page
james.page at ubuntu.com
Tue Jun 21 15:35:16 UTC 2016
This bug was fixed in the package openvswitch - 2.4.1-0ubuntu0.15.10.1~cloud0
---------------
openvswitch (2.4.1-0ubuntu0.15.10.1~cloud0) trusty-liberty; urgency=medium
.
* New upstream release for the Ubuntu Cloud Archive.
.
openvswitch (2.4.1-0ubuntu0.15.10.1) wily; urgency=medium
.
* New upstream point release (LP: #1575119):
- CVE-2016-2074: MPLS buffer overflow vulnerabilities.
** Changed in: cloud-archive/liberty
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to openvswitch in Ubuntu.
https://bugs.launchpad.net/bugs/1575119
Title:
[SRU] Open vSwitch 2.4.1, 2.3.3 stable updates
Status in Ubuntu Cloud Archive:
Invalid
Status in Ubuntu Cloud Archive kilo series:
Triaged
Status in Ubuntu Cloud Archive liberty series:
Fix Released
Status in openvswitch package in Ubuntu:
Invalid
Status in openvswitch source package in Wily:
Fix Released
Bug description:
The Open vSwitch team is pleased to announce the release of Open
vSwitch 2.4.1:
http://openvswitch.org/releases/openvswitch-2.4.1.tar.gz
and Open vSwitch 2.3.3:
http://openvswitch.org/releases/openvswitch-2.3.3.tar.gz
Both of these releases contain bug fixes. Most importantly, they
address a remote execution vulnerability in MPLS parsing
(CVE-2016-2074):
http://openvswitch.org/pipermail/announce/2016-March/000082.html
We recommend immediately upgrading to a patched version. If you do
not want the other fixes, the advisory above contain patches that may
be applied to the previous releases.
Note that Open vSwitch 2.5.x is not affected by this issue.
We would like to thank the reporters: Kashyap Thimmaraju and Bhargava
Shastry.
Enjoy!
--The Open vSwitch Team
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1575119/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list