The Open vSwitch team is pleased to announce the release of Open vSwitch 2.4.1:
http://openvswitch.org/releases/openvswitch-2.4.1.tar.gz
and Open vSwitch 2.3.3:
http://openvswitch.org/releases/openvswitch-2.3.3.tar.gz
Both of these releases contain bug fixes. Most importantly, they address a
remote execution vulnerability in MPLS parsing (CVE-2016-2074):
http://openvswitch.org/pipermail/announce/2016-March/000082.html
We recommend immediately upgrading to a patched version. If you do not want
the other fixes, the advisory above contain patches that may be applied to the
previous releases.
Note that Open vSwitch 2.5.x is not affected by this issue.
We would like to thank the reporters: Kashyap Thimmaraju and Bhargava Shastry.
Enjoy!
--The Open vSwitch Team
--------------------
Open vSwitch is a production quality, multilayer open source virtual switch.
It is designed to enable massive network automation through programmatic
extension, while still supporting standard management interfaces. Open vSwitch
can operate both as a soft switch running within the hypervisor, and as the
control stack for switching silicon. It has been ported to multiple
virtualization platforms and switching chipsets.
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
