The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0615 advisory.

    OpenShift Enterprise by Red Hat is the company's cloud computing     Platform-as-a-Service (PaaS) solution designed for on-premise or private     cloud deployments.

    A buffer overflow flaw was discovered in the OVS processing of MPLS labels.
    A remote attacker able to deliver a frame containing a malicious MPLS label     that would be processed by OVS could trigger the flaw and use the resulting     memory corruption to cause a denial of service (DoS) or, possibly, execute     arbitrary code. (CVE-2016-2074)

    Red Hat would like to thank the Open vSwitch Project for reporting these     issues. Upstream acknowledges Kashyap Thimmaraju and Bhargava Shastry as     the original reporters of CVE-2016-2074.

    This update includes the following images:

    openshift3/openvswitch:v3.1.1.6-9     aep3_beta/openvswitch:v3.1.1.6-9     openshift3/node:v3.1.1.6-16     aep3_beta/node:v3.1.1.6-16

    All openvswitch users are advised to upgrade to this updated package, which     contains a backported patch to correct this issue.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : openvswitch (RHSA-2016:0615)

critical Nessus Plugin ID 119369

Version 1.7

Version 1.6

Version 1.7 Mar 21, 2025, 4:46 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202503210446
Version 1.6 Jul 17, 2024, 7:20 AM Exploit attributes ("Exploit available" set to "False") CVSSv2 score source (set to "CVE-2016-2074") Plugin Feed: 202407170720