ESB-2016.0815 - [RedHat] openvswitch: Execute arbitrary code/commands - Remote/unauthenticated

Date: 30 March 2016
References: ESB-2016.0811  ESB-2016.0817  ESB-2016.0935  

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.0815
                  Important: openvswitch security updates
                               30 March 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openvswitch
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-2074  

Reference:         ESB-2016.0811

Original Bulletin: 
   https://rhn.redhat.com/errata/RHSA-2016-0523.html
   https://rhn.redhat.com/errata/RHSA-2016-0524.html

Comment: This bulletin contains two (2) Red Hat security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openvswitch security update
Advisory ID:       RHSA-2016:0523-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0523.html
Issue date:        2016-03-30
CVE Names:         CVE-2016-2074 
=====================================================================

1. Summary:

An update for openvswitch is now available for Red Hat Enterprise Linux
OpenStack Platform 5.0 (Icehouse) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* A buffer overflow flaw was discovered in the OVS processing of MPLS
labels. A remote attacker able to deliver a frame containing a malicious
MPLS label that would be processed by OVS could trigger the flaw and use
the resulting memory corruption to cause a denial of service (DoS) or,
possibly, execute arbitrary code. (CVE-2016-2074)

Red Hat would like to thank the Open vSwitch project for reporting this
issue. Upstream acknowledges Kashyap Thimmaraju and Bhargava Shastry as the
original reporters.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1318553 - CVE-2016-2074 openvswitch: MPLS buffer overflow vulnerability

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openvswitch-2.4.0-2.el7_2.src.rpm

noarch:
python-openvswitch-2.4.0-2.el7_2.noarch.rpm

x86_64:
openvswitch-2.4.0-2.el7_2.x86_64.rpm
openvswitch-debuginfo-2.4.0-2.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2074
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openvswitch security update
Advisory ID:       RHSA-2016:0524-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0524.html
Issue date:        2016-03-30
CVE Names:         CVE-2016-2074 
=====================================================================

1. Summary:

An update for openvswitch is now available for Red Hat Enterprise Linux
OpenStack Platform 6.0 (Juno) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* A buffer overflow flaw was discovered in the OVS processing of MPLS
labels. A remote attacker able to deliver a frame containing a malicious
MPLS label that would be processed by OVS could trigger the flaw and use
the resulting memory corruption to cause a denial of service (DoS) or,
possibly, execute arbitrary code. (CVE-2016-2074)

Red Hat would like to thank the Open vSwitch project for reporting this
issue. Upstream acknowledges Kashyap Thimmaraju and Bhargava Shastry as the
original reporters.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1318553 - CVE-2016-2074 openvswitch: MPLS buffer overflow vulnerability

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
openvswitch-2.4.0-2.el7_2.src.rpm

noarch:
python-openvswitch-2.4.0-2.el7_2.noarch.rpm

x86_64:
openvswitch-2.4.0-2.el7_2.x86_64.rpm
openvswitch-debuginfo-2.4.0-2.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2074
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------
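
Added example (not part of the Red Hat advisories or the AusCERT bulletin): one way to check `rpm -q` output against the fixed build 2.4.0-2.el7_2 listed in section 6 of both advisories, using rpm-style segment comparison. It assumes the packages carry no epoch and that any later build keeps the fix; the sample report is constructed, and the function names are this example's own.

```python
import re

# Fixed build named in section 6 (Package List) of both advisories.
FIXED_VERSION, FIXED_RELEASE = "2.4.0", "2.el7_2"
_SEGMENTS = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Order two version or release strings by rpm's segment rules.
    Tilde and caret ordering are not handled."""
    sa, sb = _SEGMENTS.findall(a), _SEGMENTS.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric: 10 sorts after 4
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # Shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(line):
    """Split 'name-version-release.arch' as printed by `rpm -q`."""
    nvr, _, arch = line.strip().rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def is_patched(line):
    """True when the build is at or above the advisory's fixed build.
    Assumption: no epoch is set, and later builds keep the fix."""
    _, version, release, _ = parse_nvra(line)
    order = rpmvercmp(version, FIXED_VERSION)
    if order == 0:
        order = rpmvercmp(release, FIXED_RELEASE)
    return order >= 0

# Constructed sample of `rpm -q` output from several hosts; only the
# 2.4.0-2.el7_2 entries come from the advisory's package list.
SAMPLE = """\
openvswitch-2.3.2-1.el7.x86_64
openvswitch-2.4.0-1.el7.x86_64
openvswitch-2.4.0-2.el7_2.x86_64
python-openvswitch-2.4.0-2.el7_2.noarch
openvswitch-2.10.0-1.el7.x86_64
"""

def unpatched(report):
    """Return the lines of an `rpm -q` report that still need the update."""
    return [l for l in report.splitlines() if l and not is_patched(l)]

if __name__ == "__main__":
    print("\n".join(unpatched(SAMPLE)))
```

A plain string comparison would rank 2.10.0 below 2.4.0 and treat 2.el7 as equal to or newer than 2.el7_2; the segment comparison avoids both mistakes.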

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================