[SRU] Open vSwitch 2.4.1, 2.3.3 stable updates
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Cloud Archive |
Invalid
|
Undecided
|
Unassigned | ||
Kilo |
Triaged
|
High
|
Unassigned | ||
Liberty |
Fix Released
|
High
|
Unassigned | ||
openvswitch (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Wily |
Fix Released
|
High
|
Unassigned |
Bug Description
The Open vSwitch team is pleased to announce the release of Open vSwitch 2.4.1:
http://
and Open vSwitch 2.3.3:
http://
Both of these releases contain bug fixes. Most importantly, they address a remote execution vulnerability in MPLS parsing (CVE-2016-2074):
http://
We recommend immediately upgrading to a patched version. If you do not want the other fixes, the advisory above contain patches that may be applied to the previous releases.
Note that Open vSwitch 2.5.x is not affected by this issue.
We would like to thank the reporters: Kashyap Thimmaraju and Bhargava Shastry.
Enjoy!
--The Open vSwitch Team
CVE References
Changed in openvswitch (Ubuntu): | |
status: | New → Invalid |
Changed in openvswitch (Ubuntu Wily): | |
importance: | Undecided → High |
status: | New → Triaged |
Changed in cloud-archive: | |
status: | New → Invalid |
tags: |
added: verification-done verification-liberty-done removed: verification-liberty-needed verification-needed |
Hello James, or anyone else affected,
Accepted openvswitch into wily-proposed. The package will build now and be available at https:/ /launchpad. net/ubuntu/ +source/ openvswitch/ 2.4.1-0ubuntu0. 15.10.1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed. In either case, details of your testing will help us make a better decision.
Further information regarding the verification process can be found at https:/ /wiki.ubuntu. com/QATeam/ PerformingSRUVe rification . Thank you in advance!