CVE-2016-2074: A remotely triggerable buffer overflow vulnerability was discovered in openvswitch, a production quality, multilayer virtual switch implementation. Specially crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data structure. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially, execution of arbitrary code.
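The bug class described above, as an added example that is not Open vSwitch's own code: the depth of an MPLS label stack is set by the packet, so a parser that stores the entries in a fixed-size array has to bound the copy by the array's capacity. `MAX_LABELS`, `struct flow_labels`, `parse_mpls` and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LABELS 3            /* assumed capacity of the label buffer */
#define MPLS_BOS   0x00000100u  /* bottom-of-stack bit of a label stack entry */

struct flow_labels {            /* hypothetical stand-in for a flow record */
    uint32_t lse[MAX_LABELS];
    size_t   n_stored;          /* entries copied into lse[] */
    size_t   n_seen;            /* entries present in the packet */
};

/* Constructed sample: five stacked entries (labels 16..20, TTL 64). */
static const uint8_t sample_stack[] = {
    0x00, 0x01, 0x00, 0x40,  0x00, 0x01, 0x10, 0x40,  0x00, 0x01, 0x20, 0x40,
    0x00, 0x01, 0x30, 0x40,  0x00, 0x01, 0x41, 0x40,
};

/* Read one big-endian 32-bit label stack entry. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk the label stack in buf[0..len). Returns 0 once the bottom-of-stack
 * entry is reached, -1 if the data ends first. Every entry is counted, but
 * only the first MAX_LABELS are stored. */
int parse_mpls(const uint8_t *buf, size_t len, struct flow_labels *out)
{
    memset(out, 0, sizeof *out);
    for (size_t off = 0; len - off >= 4; off += 4) {
        uint32_t lse = read_be32(buf + off);
        out->n_seen++;
        if (out->n_stored < MAX_LABELS)   /* capacity check on the store */
            out->lse[out->n_stored++] = lse;
        if (lse & MPLS_BOS)
            return 0;
    }
    return -1;                            /* truncated label stack */
}

int main(void)
{
    struct flow_labels f;
    int rc = parse_mpls(sample_stack, sizeof sample_stack, &f);
    printf("rc=%d seen=%zu stored=%zu\n", rc, f.n_seen, f.n_stored);
    return 0;
}
```

Without the `n_stored < MAX_LABELS` check, the fourth and fifth entries of the sample would be written past the end of `lse[]`.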
DSA-3540-1 lhasa - Security Update
Security database information:
CVE-2016-2347: An integer underflow was discovered in Lhasa, an lzh archive decompressor, which might result in the execution of arbitrary code if a malformed archive is processed.
Fixing Status
The openvswitch problem has been fixed in version 2.3.0+git20140819-4; the lhasa problem has been fixed in version 0.3.1-1.
We recommend that you upgrade the system to obtain the patches to fix the vulnerabilities.
The security updates of openvswitch and lhasa.
Vulnerability Overview
DSA-3533-1 openvswitch - Security Update