A buffer overflow in Open vSwitch might allow remote attackers to execute arbitrary code.
|Package||net-misc/openvswitch on all architectures|
|Affected versions||< 2.5.0|
|Unaffected versions||>= 2.5.0|
Open vSwitch is a production quality multilayer virtual switch.
A buffer overflow was discovered in lib/flow.c in ovs-vswitchd.
A remote attacker, using a specially crafted MPLS packet, could execute arbitrary code.
There is no known workaround at this time.
All Open vSwitch users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openvswitch-2.5.0"
January 01, 2017
January 01, 2017: 2