On Tue, Mar 22, 2016 at 06:03:43AM -0700, Justin Pettit wrote: > From: Ben Pfaff <[email protected]> > > A bug in MPLS parsing could cause a crafted MPLS packet to overflow the > buffer reserved for MPLS labels in the OVS internal flow structure. This > fixes the problem. > > This commit also fixes a secondary problem where an MPLS packet with zero > labels could cause an out-of-range shift that would overwrite memory. > There is no obvious way to control the data used in the overwrite, so this > is harder to exploit. > > Vulnerability: CVE-2016-2074 > Reported-by: Kashyap Thimmaraju <[email protected]> > Reported-by: Bhargava Shastry <[email protected]> > Signed-off-by: Ben Pfaff <[email protected]> > Acked-by: Jesse Gross <[email protected]>
Already acked by Jesse so I think that this one is good. _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
