-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 25 Feb 2024 15:10:01 +0100 Source: openvswitch Binary: openvswitch-common openvswitch-dbg openvswitch-dev openvswitch-ipsec openvswitch-switch openvswitch-switch-dpdk openvswitch-testcontroller openvswitch-vtep Architecture: amd64 Version: 2.15.0+ds1-2+deb11u5 Distribution: bullseye-security Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Thomas Goirand Description: openvswitch-common - Open vSwitch common components openvswitch-dbg - Debug symbols for Open vSwitch packages openvswitch-dev - Open vSwitch development package openvswitch-ipsec - Open vSwitch IPsec tunneling support openvswitch-switch - Open vSwitch switch implementations openvswitch-switch-dpdk - DPDK enabled Open vSwitch switch implementation openvswitch-testcontroller - Simple controller for testing OpenFlow setups openvswitch-vtep - Open vSwitch VTEP utilities Closes: 1063492 Changes: openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium . * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks on a final stage with ports trie". Added additional patches that the LTS team added to fix this: - Cherry-pick additional patch adjust-segment-boundary.patch to fix test suite for the patch for this CVE. - Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix new test ipv6-ND-dependency (added by the previous patch) * CVE-2023-3966: Invalid memory access in Geneve with HW offload. Add upstream patches (Closes: #1063492): - Fix the mask for tunnel metadata length - Check geneve metadata length * CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Add upstream patch "Fix memory leak in ovs_pcap_open". * Blacklist unittest 21 - bpf decay, which isn't deterministic. Checksums-Sha1: e906a9b6f243d51d9922d8043e41acb6a1bd1a11 1776344 openvswitch-common_2.15.0+ds1-2+deb11u5_amd64.deb f00deaee65c053377f7d0a79dcbc53aada014858 9763588 openvswitch-dbg_2.15.0+ds1-2+deb11u5_amd64.deb afc32a6c8d823a761c95447520029f15665364c7 1466152 openvswitch-dev_2.15.0+ds1-2+deb11u5_amd64.deb 4f056ed2bd9a1bf3df1f580bb6c9e81ceb201ef6 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_amd64.deb 16492d84790af32f37aa31450974dce06e979320 1168564 openvswitch-switch-dpdk_2.15.0+ds1-2+deb11u5_amd64.deb 540ea64ce6eaf933cccd5707840e57a999b77011 55408 openvswitch-switch_2.15.0+ds1-2+deb11u5_amd64.deb 66e9591153c8147f9ec66021cc650529f1c5d3d4 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_amd64.deb 8977cb5995849690290705af82daf59c4259493d 41088 openvswitch-vtep_2.15.0+ds1-2+deb11u5_amd64.deb d5e23beef4b93bbcdb9534bc626e6dd5d5ce576a 21208 openvswitch_2.15.0+ds1-2+deb11u5_amd64-buildd.buildinfo Checksums-Sha256: 805347e3da795e6ccf0e6763b0f10ee8c2bf1b6bec3e922033349329fc797e67 1776344 openvswitch-common_2.15.0+ds1-2+deb11u5_amd64.deb 157efea8a09646323b607b1a0095acbcfcc769da5b867d63e7b558b0ee209d8b 9763588 openvswitch-dbg_2.15.0+ds1-2+deb11u5_amd64.deb d2729eff47cf256ce7dcf408aa1b1d20d7c6bc981bd5becf371b4146b2393078 1466152 openvswitch-dev_2.15.0+ds1-2+deb11u5_amd64.deb 3c411a25b1c03ad899c119cdc47b09f2be1b9ad3b1e34edb8eb2107eeae1278b 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_amd64.deb 3adb16c231035d5661e5e4f7c44c2a9110ffdefcf337c9aa76f49be3946ad843 1168564 openvswitch-switch-dpdk_2.15.0+ds1-2+deb11u5_amd64.deb aa83fbdb6b222d4ab70aaf56645e3121eb4f5504857113d0a131fcfc8426d7a6 55408 openvswitch-switch_2.15.0+ds1-2+deb11u5_amd64.deb ca73d38518771fa0b766e5f1514c031476643d4b64c302abbfa4ed02fcf5c305 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_amd64.deb e3931628ec8643e922121e20799de5cb028806c9563bea47147489c6b93a50d0 41088 openvswitch-vtep_2.15.0+ds1-2+deb11u5_amd64.deb 7d8f4c6186f49837422fd283026f70b0a1e9ae0143c65d791af2bd46838c3537 21208 openvswitch_2.15.0+ds1-2+deb11u5_amd64-buildd.buildinfo Files: a3223d54a2a2ec73c8804e1b7070fc22 1776344 net optional openvswitch-common_2.15.0+ds1-2+deb11u5_amd64.deb 3f725c6e08d8070c0a560845b2d5233d 9763588 debug optional openvswitch-dbg_2.15.0+ds1-2+deb11u5_amd64.deb 1e3d1dc4ca3e0ff2f5edb1da94aaacb2 1466152 net optional openvswitch-dev_2.15.0+ds1-2+deb11u5_amd64.deb e70350555013fd72c269b1268dba8e24 40792 net optional openvswitch-ipsec_2.15.0+ds1-2+deb11u5_amd64.deb 2f027a0b4964f37bb90b7e20e7f3c754 1168564 net optional openvswitch-switch-dpdk_2.15.0+ds1-2+deb11u5_amd64.deb bfa24e8b7d49aa423ade9cd48a7439a5 55408 net optional openvswitch-switch_2.15.0+ds1-2+deb11u5_amd64.deb c3f5316d9f6508a7778acd5f78a23106 42620 net optional openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_amd64.deb f9221b764e2f77ca76e67fcb0540cfba 41088 net optional openvswitch-vtep_2.15.0+ds1-2+deb11u5_amd64.deb 1057b128347f628df29e7a85806dac2d 21208 net optional openvswitch_2.15.0+ds1-2+deb11u5_amd64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEm6ockFjr4GqAKQq+9fU2VPgRs1YFAmXxyIAACgkQ9fU2VPgR s1Z4Og//Y0/V4eJG1OSbgB97hJwzhx3MVNmdO50xBK9eB5NmJZJgtILQBZGfcSiY 8r2I/XDopk0k9fchfTFUtqhkXM3/FZUuOzrgRoqx+yqB81nRIRzli/KWSXTYQZMI QB8nZ53FAvtqAr3VlxlMlXpfNiRyKG+CA+pToUyQj3SWVjjttkyWic41Mzd4LFHM SAMiXI0dViNGq48a7BHszSypR/NvJ/ky8RUTtWHP9bp3itTvaAytfoXUO8u5T5Qp cXklrLDUMlugRzY6hLshOVbXf4Hrb+js10G5aCw8wCTan6fSpYjdFSUkP2QX63Ge kjH5krPUkF93M1r6iz9JgAbmxTqa7kATMlFna8dhdvS3BvCMq+1CWPljcqskWctl 7NnrTRY8i2Z0JpnTBwrePJr6egJ2KFNtAEXzznRhe2hNuZcv7nwPAKtlYL7385+z eQjPQloum0tMeSkzHKbk7JT6OHXdUpVofzHe6x4rKEcvgiEgMgnZ0GI+stnKUxPx dwqMiSogm6ZuOERFkEsSltl061eNiND1mJ/8rA9i7oID5sUa10UhCMZIsIDwV/AO ZXrqztpyGKkyt9w7PkJgjgva5Ze9ymNOqDjTvl0yJZDrS08H1jVGiLDSWb/jsXQ/ C9h3GcCIJu3KlEp986JgCNFeKBmZCUu3eQ355nGhbPLUWbD6MO4= =X2yV -----END PGP SIGNATURE-----