-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 25 Feb 2024 15:10:01 +0100
Source: openvswitch
Binary: openvswitch-common openvswitch-dbg openvswitch-dev openvswitch-ipsec openvswitch-switch openvswitch-switch-dpdk openvswitch-testcontroller openvswitch-vtep
Architecture: amd64
Version: 2.15.0+ds1-2+deb11u5
Distribution: bullseye-security
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
openvswitch-common - Open vSwitch common components
openvswitch-dbg - Debug symbols for Open vSwitch packages
openvswitch-dev - Open vSwitch development package
openvswitch-ipsec - Open vSwitch IPsec tunneling support
openvswitch-switch - Open vSwitch switch implementations
openvswitch-switch-dpdk - DPDK enabled Open vSwitch switch implementation
openvswitch-testcontroller - Simple controller for testing OpenFlow setups
openvswitch-vtep - Open vSwitch VTEP utilities
Closes: 1063492
Changes:
openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium
.
* CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor
Advertisement packets between virtual machines to bypass OpenFlow rules.
This issue may allow a local attacker to create specially crafted packets
with a modified or spoofed target IP address field that can redirect ICMPv6
traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks
on a final stage with ports trie".
Added additional patches that the LTS team added to fix this:
- Cherry-pick additional patch adjust-segment-boundary.patch
to fix test suite for the patch for this CVE.
- Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix
new test ipv6-ND-dependency (added by the previous patch)
* CVE-2023-3966: Invalid memory access in Geneve with HW offload. Add
upstream patches (Closes: #1063492):
- Fix the mask for tunnel metadata length
- Check geneve metadata length
* CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory leak
via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Add upstream
patch "Fix memory leak in ovs_pcap_open".
* Blacklist unittest 21 - bpf decay, which isn't deterministic.
Checksums-Sha1:
e906a9b6f243d51d9922d8043e41acb6a1bd1a11 1776344 openvswitch-common_2.15.0+ds1-2+deb11u5_amd64.deb
f00deaee65c053377f7d0a79dcbc53aada014858 9763588 openvswitch-dbg_2.15.0+ds1-2+deb11u5_amd64.deb
afc32a6c8d823a761c95447520029f15665364c7 1466152 openvswitch-dev_2.15.0+ds1-2+deb11u5_amd64.deb
4f056ed2bd9a1bf3df1f580bb6c9e81ceb201ef6 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_amd64.deb
16492d84790af32f37aa31450974dce06e979320 1168564 openvswitch-switch-dpdk_2.15.0+ds1-2+deb11u5_amd64.deb
540ea64ce6eaf933cccd5707840e57a999b77011 55408 openvswitch-switch_2.15.0+ds1-2+deb11u5_amd64.deb
66e9591153c8147f9ec66021cc650529f1c5d3d4 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_amd64.deb
8977cb5995849690290705af82daf59c4259493d 41088 openvswitch-vtep_2.15.0+ds1-2+deb11u5_amd64.deb
d5e23beef4b93bbcdb9534bc626e6dd5d5ce576a 21208 openvswitch_2.15.0+ds1-2+deb11u5_amd64-buildd.buildinfo
Checksums-Sha256:
805347e3da795e6ccf0e6763b0f10ee8c2bf1b6bec3e922033349329fc797e67 1776344 openvswitch-common_2.15.0+ds1-2+deb11u5_amd64.deb
157efea8a09646323b607b1a0095acbcfcc769da5b867d63e7b558b0ee209d8b 9763588 openvswitch-dbg_2.15.0+ds1-2+deb11u5_amd64.deb
d2729eff47cf256ce7dcf408aa1b1d20d7c6bc981bd5becf371b4146b2393078 1466152 openvswitch-dev_2.15.0+ds1-2+deb11u5_amd64.deb
3c411a25b1c03ad899c119cdc47b09f2be1b9ad3b1e34edb8eb2107eeae1278b 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_amd64.deb
3adb16c231035d5661e5e4f7c44c2a9110ffdefcf337c9aa76f49be3946ad843 1168564 openvswitch-switch-dpdk_2.15.0+ds1-2+deb11u5_amd64.deb
aa83fbdb6b222d4ab70aaf56645e3121eb4f5504857113d0a131fcfc8426d7a6 55408 openvswitch-switch_2.15.0+ds1-2+deb11u5_amd64.deb
ca73d38518771fa0b766e5f1514c031476643d4b64c302abbfa4ed02fcf5c305 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_amd64.deb
e3931628ec8643e922121e20799de5cb028806c9563bea47147489c6b93a50d0 41088 openvswitch-vtep_2.15.0+ds1-2+deb11u5_amd64.deb
7d8f4c6186f49837422fd283026f70b0a1e9ae0143c65d791af2bd46838c3537 21208 openvswitch_2.15.0+ds1-2+deb11u5_amd64-buildd.buildinfo
Files:
a3223d54a2a2ec73c8804e1b7070fc22 1776344 net optional openvswitch-common_2.15.0+ds1-2+deb11u5_amd64.deb
3f725c6e08d8070c0a560845b2d5233d 9763588 debug optional openvswitch-dbg_2.15.0+ds1-2+deb11u5_amd64.deb
1e3d1dc4ca3e0ff2f5edb1da94aaacb2 1466152 net optional openvswitch-dev_2.15.0+ds1-2+deb11u5_amd64.deb
e70350555013fd72c269b1268dba8e24 40792 net optional openvswitch-ipsec_2.15.0+ds1-2+deb11u5_amd64.deb
2f027a0b4964f37bb90b7e20e7f3c754 1168564 net optional openvswitch-switch-dpdk_2.15.0+ds1-2+deb11u5_amd64.deb
bfa24e8b7d49aa423ade9cd48a7439a5 55408 net optional openvswitch-switch_2.15.0+ds1-2+deb11u5_amd64.deb
c3f5316d9f6508a7778acd5f78a23106 42620 net optional openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_amd64.deb
f9221b764e2f77ca76e67fcb0540cfba 41088 net optional openvswitch-vtep_2.15.0+ds1-2+deb11u5_amd64.deb
1057b128347f628df29e7a85806dac2d 21208 net optional openvswitch_2.15.0+ds1-2+deb11u5_amd64-buildd.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEm6ockFjr4GqAKQq+9fU2VPgRs1YFAmXxyIAACgkQ9fU2VPgR
s1Z4Og//Y0/V4eJG1OSbgB97hJwzhx3MVNmdO50xBK9eB5NmJZJgtILQBZGfcSiY
8r2I/XDopk0k9fchfTFUtqhkXM3/FZUuOzrgRoqx+yqB81nRIRzli/KWSXTYQZMI
QB8nZ53FAvtqAr3VlxlMlXpfNiRyKG+CA+pToUyQj3SWVjjttkyWic41Mzd4LFHM
SAMiXI0dViNGq48a7BHszSypR/NvJ/ky8RUTtWHP9bp3itTvaAytfoXUO8u5T5Qp
cXklrLDUMlugRzY6hLshOVbXf4Hrb+js10G5aCw8wCTan6fSpYjdFSUkP2QX63Ge
kjH5krPUkF93M1r6iz9JgAbmxTqa7kATMlFna8dhdvS3BvCMq+1CWPljcqskWctl
7NnrTRY8i2Z0JpnTBwrePJr6egJ2KFNtAEXzznRhe2hNuZcv7nwPAKtlYL7385+z
eQjPQloum0tMeSkzHKbk7JT6OHXdUpVofzHe6x4rKEcvgiEgMgnZ0GI+stnKUxPx
dwqMiSogm6ZuOERFkEsSltl061eNiND1mJ/8rA9i7oID5sUa10UhCMZIsIDwV/AO
ZXrqztpyGKkyt9w7PkJgjgva5Ze9ymNOqDjTvl0yJZDrS08H1jVGiLDSWb/jsXQ/
C9h3GcCIJu3KlEp986JgCNFeKBmZCUu3eQ355nGhbPLUWbD6MO4=
=X2yV
-----END PGP SIGNATURE-----