[ovs-git] [openvswitch/ovs] f41373: flow: Fix buffer overflow for crafted MPLS packets...

GitHub noreply at github.com
Tue Mar 29 00:31:51 UTC 2016


  Branch: refs/heads/branch-2.3
  Home:   https://github.com/openvswitch/ovs
  Commit: f4137393ef2fd23a70d987ee9f89454e25db1700
      https://github.com/openvswitch/ovs/commit/f4137393ef2fd23a70d987ee9f89454e25db1700
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2016-03-22 (Tue, 22 Mar 2016)

  Changed paths:
    M lib/flow.c

  Log Message:
  -----------
  flow: Fix buffer overflow for crafted MPLS packets.

A bug in MPLS parsing could cause a crafted MPLS packet to overflow the
buffer reserved for MPLS labels in the OVS internal flow structure.  This
fixes the problem.

This commit also fixes a secondary problem where an MPLS packet with zero
labels could cause an out-of-range shift that would overwrite memory.
There is no obvious way to control the data used in the overwrite, so this
is harder to exploit.

Vulnerability: CVE-2016-2074
Reported-by: Kashyap Thimmaraju <kashyap.thimmaraju at sec.t-labs.tu-berlin.de>
Reported-by: Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Jesse Gross <jesse at kernel.org>


  Commit: 4b61bf321fba5c15b83726f23978d2cfd796c823
      https://github.com/openvswitch/ovs/commit/4b61bf321fba5c15b83726f23978d2cfd796c823
  Author: Justin Pettit <jpettit at ovn.org>
  Date:   2016-03-22 (Tue, 22 Mar 2016)

  Changed paths:
    M NEWS
    M debian/changelog

  Log Message:
  -----------
  Set release date for 2.3.3.

Signed-off-by: Justin Pettit <jpettit at ovn.org>
Acked-by: Ben Pfaff <blp at ovn.org>


  Commit: b3f820b72cd2691baaf4453f6ae8168b27c712ff
      https://github.com/openvswitch/ovs/commit/b3f820b72cd2691baaf4453f6ae8168b27c712ff
  Author: Justin Pettit <jpettit at ovn.org>
  Date:   2016-03-22 (Tue, 22 Mar 2016)

  Changed paths:
    M NEWS
    M configure.ac
    M debian/changelog

  Log Message:
  -----------
  Prepare for 2.3.4.

Signed-off-by: Justin Pettit <jpettit at ovn.org>
Acked-by: Ben Pfaff <blp at ovn.org>


Compare: https://github.com/openvswitch/ovs/compare/88b567e66aaf...b3f820b72cd2
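
Added example, not code from Open vSwitch or from these commits: a bounded MPLS label-stack parser illustrating the class of bug described in the first log message above (f41373), where the stack depth is chosen by the packet but the storage for labels is fixed. MAX_LABELS, struct flow_labels, parse_mpls_stack and stored_for_depth are hypothetical names, and the packets are constructed inside the block.

```c
#include <stdint.h>
#include <string.h>

#define MAX_LABELS 3        /* assumed capacity of the fixed label array */
#define MPLS_BOS   0x100u   /* bottom-of-stack (S) bit of a label stack entry */

struct flow_labels {        /* hypothetical stand-in for a flow record */
    uint32_t lse[MAX_LABELS];
    int n;                  /* entries stored, never more than MAX_LABELS */
};

/* Walk the label stack in buf[0..len). Returns the number of entries seen on
 * the wire up to and including bottom-of-stack (0 if there is no complete
 * entry); stores at most MAX_LABELS of them in out. */
int parse_mpls_stack(const uint8_t *buf, size_t len, struct flow_labels *out)
{
    int wire = 0;
    memset(out, 0, sizeof *out);
    for (; len >= 4; buf += 4, len -= 4) {
        uint32_t lse = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                       ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
        wire++;
        if (out->n < MAX_LABELS) {   /* depth comes from the packet: bound it */
            out->lse[out->n++] = lse;
        }
        if (lse & MPLS_BOS) break;
    }
    return wire;
}

/* Constructed input: a stack of `depth` entries (labels 1..depth, TTL 64)
 * with the S bit set on the last. Returns the stored count, or -1. */
int stored_for_depth(int depth, int *wire)
{
    uint8_t pkt[64] = {0};
    struct flow_labels f;
    if (depth < 0 || depth > 16) return -1;
    for (int i = 0; i < depth; i++) {
        uint32_t lse = ((uint32_t)(i + 1) << 12) | 64u |
                       (i == depth - 1 ? MPLS_BOS : 0u);
        pkt[4 * i] = (uint8_t)(lse >> 24); pkt[4 * i + 1] = (uint8_t)(lse >> 16);
        pkt[4 * i + 2] = (uint8_t)(lse >> 8); pkt[4 * i + 3] = (uint8_t)lse;
    }
    *wire = parse_mpls_stack(pkt, (size_t)depth * 4, &f);
    return f.n;
}

int main(void) { int w; return stored_for_depth(5, &w) == MAX_LABELS ? 0 : 1; }
```

A wire count larger than the stored count tells the caller the stack was deeper than the record can hold, and a wire count of 0 tells it to skip any per-label arithmetic.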

