-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 25 Feb 2024 15:10:01 +0100
Source: openvswitch
Binary: openvswitch-common openvswitch-dbg openvswitch-dev openvswitch-ipsec openvswitch-switch openvswitch-switch-dpdk openvswitch-testcontroller openvswitch-vtep
Architecture: i386
Version: 2.15.0+ds1-2+deb11u5
Distribution: bullseye-security
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 openvswitch-common - Open vSwitch common components
 openvswitch-dbg - Debug symbols for Open vSwitch packages
 openvswitch-dev - Open vSwitch development package
 openvswitch-ipsec - Open vSwitch IPsec tunneling support
 openvswitch-switch - Open vSwitch switch implementations
 openvswitch-switch-dpdk - DPDK enabled Open vSwitch switch implementation
 openvswitch-testcontroller - Simple controller for testing OpenFlow setups
 openvswitch-vtep - Open vSwitch VTEP utilities
Closes: 1063492
Changes:
 openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium
 .
   * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor
     Advertisement packets between virtual machines to bypass OpenFlow rules.
     This issue may allow a local attacker to create specially crafted packets
     with a modified or spoofed target IP address field that can redirect ICMPv6
     traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks
     on a final stage with ports trie".
     Added additional patches that the LTS team added to fix this:
     - Cherry-pick additional patch adjust-segment-boundary.patch
       to fix test suite for the patch for this CVE.
     - Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix
       new test ipv6-ND-dependency (added by the previous patch)
   * CVE-2023-3966: Invalid memory access in Geneve with HW offload. Add
     upstream patches (Closes: #1063492):
     - Fix the mask for tunnel metadata length
     - Check geneve metadata length
   * CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory leak
     via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Add upstream
     patch "Fix memory leak in ovs_pcap_open".
   * Blacklist unittest 21 - bpf decay, which isn't deterministic.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----