Security
Security
A buffer overflow in Open vSwitch might allow remote attackers to execute arbitrary code.
| Package | net-misc/openvswitch on all architectures |
|---|---|
| Affected versions | < 2.5.0 |
| Unaffected versions | >= 2.5.0 |
Open vSwitch is a production quality multilayer virtual switch.
A buffer overflow was discovered in lib/flow.c in ovs-vswitchd.
A remote attacker, using a specially crafted MPLS packet, could execute arbitrary code.
There is no known workaround at this time.
All Open vSwitch users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openvswitch-2.5.0"
Release date
January 01, 2017
Latest revision
January 01, 2017: 2
Severity
normal
Exploitable
remote
Bugzilla entries