Security Updates (DSA-3533-1 & DSA-3540-1)
Tofloor
poster avatar
melodyzou
deepin
2016-04-11 23:54
Author

The security updates of openvswitch and lhasa.


Vulnerability Overview

DSA-3533-1 openvswitch— Security Update

Security database information:

  • CVE-2016-2074: A remotely triggerable buffer overflow vulnerability was discovered in openvswitch, a production quality, multilayer virtual switch implementation. Specially crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data structure. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially, execution of arbitrary code.

DSA-3540-1 lhasa— Security Update

Security database information:

  • CVE-2016-2347: An integer underflow was discovered in Lhasa, a lzh archive decompressor, which might result in the execution of arbitrary code if a malformed archive is processed.

Fixing Status

openvswitch problem has been fixed in version 2.3.0+git20140819-4; lhasa problem has been fixed in version 0.3.1-1.

We recommend that you upgrade the system to obtain the patches to fix the vulnerabilities.


Reply Favorite View the author
All Replies
tristar
deepin
2016-04-12 08:06
#1
Thank You!
Reply View the author
New Thread

Popular Events

More
国际排名
WHLUG