[Bug 1575119] [NEW] [SRU] Open vSwitch 2.4.1, 2.3.3 stable updates

James Page james.page at ubuntu.com
Tue Apr 26 11:05:14 UTC 2016 

Public bug reported:

The Open vSwitch team is pleased to announce the release of Open vSwitch
2.4.1:

        http://openvswitch.org/releases/openvswitch-2.4.1.tar.gz

and Open vSwitch 2.3.3:

        http://openvswitch.org/releases/openvswitch-2.3.3.tar.gz

Both of these releases contain bug fixes.  Most importantly, they
address a remote execution vulnerability in MPLS parsing
(CVE-2016-2074):

        http://openvswitch.org/pipermail/announce/2016-March/000082.html

We recommend immediately upgrading to a patched version.  If you do not
want the other fixes, the advisory above contain patches that may be
applied to the previous releases.

Note that Open vSwitch 2.5.x is not affected by this issue.

We would like to thank the reporters: Kashyap Thimmaraju and Bhargava
Shastry.

Enjoy!

--The Open vSwitch Team

** Affects: cloud-archive
     Importance: Undecided
         Status: Invalid

** Affects: cloud-archive/kilo
     Importance: High
         Status: Triaged

** Affects: cloud-archive/liberty
     Importance: High
         Status: Triaged

** Affects: openvswitch (Ubuntu)
     Importance: Undecided
         Status: Invalid

** Affects: openvswitch (Ubuntu Wily)
     Importance: High
         Status: Triaged

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2074

** Also affects: openvswitch (Ubuntu Wily)
   Importance: Undecided
       Status: New

** Changed in: openvswitch (Ubuntu)
       Status: New => Invalid

** Changed in: openvswitch (Ubuntu Wily)
   Importance: Undecided => High

** Changed in: openvswitch (Ubuntu Wily)
       Status: New => Triaged

** Also affects: cloud-archive
   Importance: Undecided
       Status: New

** Also affects: cloud-archive/liberty
   Importance: Undecided
       Status: New

** Also affects: cloud-archive/kilo
   Importance: Undecided
       Status: New

** Changed in: cloud-archive
       Status: New => Invalid

** Changed in: cloud-archive/kilo
       Status: New => Triaged

** Changed in: cloud-archive/liberty
       Status: New => Triaged

** Changed in: cloud-archive/liberty
   Importance: Undecided => High

** Changed in: cloud-archive/kilo
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openvswitch in Ubuntu.
https://bugs.launchpad.net/bugs/1575119

Title:
  [SRU] Open vSwitch 2.4.1, 2.3.3 stable updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1575119/+subscriptions

More information about the Ubuntu-server-bugs mailing list