Open vSwitch: Remote execution of arbitrary code — GLSA 201701-07

A buffer overflow in Open vSwitch might allow remote attackers to execute arbitrary code.

Affected Packages

net-misc/openvswitch on all architectures
Affected versions < 2.5.0
Unaffected versions >= 2.5.0

Background

Open vSwitch is a production quality multilayer virtual switch.

Description

A buffer overflow was discovered in lib/flow.c in ovs-vswitchd.

Impact

A remote attacker, using a specially crafted MPLS packet, could execute arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All Open vSwitch users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/openvswitch-2.5.0"
 

References

Release Date
January 01, 2017

Latest Revision
January 01, 2017: 2

Severity
normal

Exploitable
remote

Bugzilla entries