On Tue, Mar 22, 2016 at 06:03:43AM -0700, Justin Pettit wrote: > From: Ben Pfaff <b...@ovn.org> > > A bug in MPLS parsing could cause a crafted MPLS packet to overflow the > buffer reserved for MPLS labels in the OVS internal flow structure. This > fixes the problem. > > This commit also fixes a secondary problem where an MPLS packet with zero > labels could cause an out-of-range shift that would overwrite memory. > There is no obvious way to control the data used in the overwrite, so this > is harder to exploit. > > Vulnerability: CVE-2016-2074 > Reported-by: Kashyap Thimmaraju <kashyap.thimmar...@sec.t-labs.tu-berlin.de> > Reported-by: Bhargava Shastry <bshas...@sec.t-labs.tu-berlin.de> > Signed-off-by: Ben Pfaff <b...@ovn.org> > Acked-by: Jesse Gross <je...@kernel.org>
Already acked by Jesse so I think that this one is good. _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
