ALT-PU-2016-2105-1
Package openvswitch updated to version 2.5.1-alt1 for branch sisyphus in task 170962.
Closed vulnerabilities
Published: 2016-07-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-2074
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- [ovs-announce] 20160328 CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch
- [ovs-announce] 20160328 CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch
- [ovs-announce] 20160328 Open vSwitch 2.4.1 and 2.3.3 Available
- [ovs-announce] 20160328 Open vSwitch 2.4.1 and 2.3.3 Available
- RHSA-2016:0523
- RHSA-2016:0523
- RHSA-2016:0524
- RHSA-2016:0524
- RHSA-2016:0537
- RHSA-2016:0537
- DSA-3533
- DSA-3533
- 85700
- 85700
- RHSA-2016:0615
- RHSA-2016:0615
- https://bugzilla.redhat.com/show_bug.cgi?id=1318553
- https://bugzilla.redhat.com/show_bug.cgi?id=1318553
- GLSA-201701-07
- GLSA-201701-07
- https://security-tracker.debian.org/tracker/CVE-2016-2074
- https://security-tracker.debian.org/tracker/CVE-2016-2074
- https://support.citrix.com/article/CTX232655
- https://support.citrix.com/article/CTX232655
Published: 2022-09-28
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-32166
In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
References:
- https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73
- https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73
- [debian-lts-announce] 20221029 [SECURITY] [DLA 3168-1] openvswitch security update
- [debian-lts-announce] 20221029 [SECURITY] [DLA 3168-1] openvswitch security update
- https://www.mend.io/vulnerability-database/CVE-2022-32166
- https://www.mend.io/vulnerability-database/CVE-2022-32166