Mirantis OpenStack

  1. Bug #1563753
  2. Activity log

Activity log for bug #1563753

Date Who What changed Old value New value Message
2016-03-30 09:22:08 Dmitry Teselkin bug added bug
2016-03-30 09:22:31 Dmitry Teselkin cve linked 2016-2074
2016-03-30 09:22:57 Dmitry Teselkin description Multiple versions of Open vSwitch are vulnerable to remote buffer overflow attacks, in which crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data structure. The MPLS packets that trigger the vulnerability and the potential for exploitation vary depending on version: - Open vSwitch 2.1.x and earlier are not vulnerable. - In Open vSwitch 2.2.x and 2.3.x, the MPLS buffer overflow can be exploited for arbitrary remote code execution. - In Open vSwitch 2.4.x, the MPLS buffer overflow does not obviously lead to a remote code execution exploit, but testing shows that it can allow a remote denial of service. See the mitigation section for details. - Open vSwitch 2.5.x is not vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-2074 to this issue. Multiple versions of Open vSwitch are vulnerable to remote buffer overflow attacks, in which crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data structure. The MPLS packets that trigger the vulnerability and the potential for exploitation vary depending on version:     - Open vSwitch 2.1.x and earlier are not vulnerable.     - In Open vSwitch 2.2.x and 2.3.x, the MPLS buffer overflow can be       exploited for arbitrary remote code execution.     - In Open vSwitch 2.4.x, the MPLS buffer overflow does not       obviously lead to a remote code execution exploit, but testing       shows that it can allow a remote denial of service. See the       mitigation section for details.     - Open vSwitch 2.5.x is not vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-2074 to this issue. http://seclists.org/oss-sec/2016/q1/706
2016-03-30 09:24:25 Dmitry Teselkin mos: assignee MOS Linux (mos-linux)
2016-03-30 09:49:04 Dmitry Teselkin bug added subscriber MOS Linux
2016-03-30 09:49:14 Dmitry Teselkin bug added subscriber MOS Security
2016-03-30 10:19:53 Dmitry Teselkin information type Private Security Public Security
2016-03-30 10:20:02 Dmitry Teselkin removed subscriber MOS Linux
2016-03-30 10:20:05 Dmitry Teselkin removed subscriber MOS Security
2016-03-30 13:05:34 Dina Belova tags area-linux
2016-03-30 13:05:38 Dina Belova mos: status New Confirmed
2016-03-30 13:05:55 Dina Belova mos: importance Undecided High
2016-03-30 13:05:58 Dina Belova mos: milestone 9.0
2016-03-30 13:07:07 Bug Checker Bot tags area-linux area-linux need-info
2016-03-30 15:36:22 Dmitry Teselkin nominated for series mos/7.0.x
2016-03-30 15:36:22 Dmitry Teselkin bug task added mos/7.0.x
2016-03-30 15:36:22 Dmitry Teselkin nominated for series mos/8.0.x
2016-03-30 15:36:22 Dmitry Teselkin bug task added mos/8.0.x
2016-03-30 15:36:22 Dmitry Teselkin nominated for series mos/9.0.x
2016-03-30 15:36:22 Dmitry Teselkin bug task added mos/9.0.x
2016-03-30 15:36:50 Dmitry Teselkin mos/7.0.x: importance Undecided High
2016-03-30 15:36:52 Dmitry Teselkin mos/9.0.x: importance Undecided High
2016-03-30 15:37:19 Dmitry Teselkin mos/9.0.x: assignee MOS Linux (mos-linux)
2016-03-30 15:37:24 Dmitry Teselkin mos/9.0.x: status New Confirmed
2016-03-30 15:37:34 Dmitry Teselkin mos/8.0.x: assignee MOS Linux (mos-linux) MOS Maintenance (mos-maintenance)
2016-03-30 15:37:49 Dmitry Teselkin mos/7.0.x: assignee MOS Maintenance (mos-maintenance)
2016-03-30 15:37:53 Dmitry Teselkin mos/7.0.x: status New Confirmed
2016-03-30 15:38:32 Dmitry Teselkin mos/8.0.x: milestone 9.0 8.0-updates
2016-03-30 15:38:37 Dmitry Teselkin mos/7.0.x: milestone 7.0-updates
2016-03-30 15:38:40 Dmitry Teselkin mos/9.0.x: milestone 9.0
2016-03-30 15:40:51 Dmitry Teselkin tags area-linux need-info area-linux
2016-03-31 08:21:44 Vitaly Sedelnik mos/7.0.x: status Confirmed Incomplete
2016-03-31 08:21:47 Vitaly Sedelnik mos/8.0.x: status Confirmed Incomplete
2016-03-31 08:21:50 Vitaly Sedelnik mos/9.0.x: status Confirmed Incomplete
2016-03-31 08:21:57 Vitaly Sedelnik mos/7.0.x: assignee MOS Maintenance (mos-maintenance) Dmitry Teselkin (teselkin-d)
2016-03-31 08:22:03 Vitaly Sedelnik mos/8.0.x: assignee MOS Maintenance (mos-maintenance) Dmitry Teselkin (teselkin-d)
2016-03-31 08:22:10 Vitaly Sedelnik mos/9.0.x: assignee MOS Linux (mos-linux) Dmitry Teselkin (teselkin-d)
2016-04-01 08:42:53 Adam Heczko mos/7.0.x: status Incomplete Confirmed
2016-04-01 08:43:01 Adam Heczko mos/7.0.x: importance High Medium
2016-04-01 08:43:06 Adam Heczko mos/8.0.x: status Incomplete Confirmed
2016-04-01 08:43:10 Adam Heczko mos/8.0.x: importance High Medium
2016-04-01 08:43:14 Adam Heczko mos/9.0.x: status Incomplete Confirmed
2016-04-01 08:43:20 Adam Heczko mos/9.0.x: importance High Medium
2016-04-06 13:41:20 Dmitry Teselkin mos/9.0.x: importance Medium High
2016-04-06 13:41:24 Dmitry Teselkin mos/9.0.x: status Confirmed In Progress
2016-04-06 13:41:38 Dmitry Teselkin mos/9.0.x: assignee Dmitry Teselkin (teselkin-d) Albert Syriy (asyriy)
2016-04-08 10:35:52 Albert Syriy mos/9.0.x: status In Progress Fix Committed
2016-04-11 09:09:35 Dmitry Teselkin mos/8.0.x: assignee Dmitry Teselkin (teselkin-d) MOS Maintenance (mos-maintenance)
2016-04-11 09:09:47 Dmitry Teselkin mos/7.0.x: assignee Dmitry Teselkin (teselkin-d) MOS Maintenance (mos-maintenance)
2016-04-15 10:28:47 Alexander Gubanov mos/9.0.x: status Fix Committed Fix Released
2016-09-02 13:49:56 Denis Meltsaykin mos/8.0.x: status Confirmed Won't Fix
2016-09-02 13:50:10 Denis Meltsaykin mos/7.0.x: status Confirmed Won't Fix