-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 25 Feb 2024 15:10:01 +0100 Source: openvswitch Binary: openvswitch-common openvswitch-dbg openvswitch-dev openvswitch-ipsec openvswitch-switch openvswitch-switch-dpdk openvswitch-testcontroller openvswitch-vtep Architecture: i386 Version: 2.15.0+ds1-2+deb11u5 Distribution: bullseye-security Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Thomas Goirand Description: openvswitch-common - Open vSwitch common components openvswitch-dbg - Debug symbols for Open vSwitch packages openvswitch-dev - Open vSwitch development package openvswitch-ipsec - Open vSwitch IPsec tunneling support openvswitch-switch - Open vSwitch switch implementations openvswitch-switch-dpdk - DPDK enabled Open vSwitch switch implementation openvswitch-testcontroller - Simple controller for testing OpenFlow setups openvswitch-vtep - Open vSwitch VTEP utilities Closes: 1063492 Changes: openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium . * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks on a final stage with ports trie". Added additional patches that the LTS team added to fix this: - Cherry-pick additional patch adjust-segment-boundary.patch to fix test suite for the patch for this CVE. - Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix new test ipv6-ND-dependency (added by the previous patch) * CVE-2023-3966: Invalid memory access in Geneve with HW offload. Add upstream patches (Closes: #1063492): - Fix the mask for tunnel metadata length - Check geneve metadata length * CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Add upstream patch "Fix memory leak in ovs_pcap_open". * Blacklist unittest 21 - bpf decay, which isn't deterministic. Checksums-Sha1: 83db47617521a4ed15429e0288471eee57aa0e47 1925828 openvswitch-common_2.15.0+ds1-2+deb11u5_i386.deb 08e8321d9706ada1ed9bdea1a3ba6f4ca79e0c7e 8526836 openvswitch-dbg_2.15.0+ds1-2+deb11u5_i386.deb f5ffe1c66daf9ac78a16b4d3a8089c8cee011e37 1649432 openvswitch-dev_2.15.0+ds1-2+deb11u5_i386.deb ad8c0cec3ab683c1a6f141638437683405d44824 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_i386.deb 8bc1d52a4048de2bd33f4744f1a6f27fa44cb6b4 1294896 openvswitch-switch-dpdk_2.15.0+ds1-2+deb11u5_i386.deb e077c0ac79d03003675d0eebce2551bce8c3ed66 55412 openvswitch-switch_2.15.0+ds1-2+deb11u5_i386.deb ff975a0a432ac0d0acc4ac8a28f8f19eafd6b78c 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_i386.deb 3b8bb9c9d346378b6b593b3c2b4c7e5a62ad67a5 41088 openvswitch-vtep_2.15.0+ds1-2+deb11u5_i386.deb e80f91f66abbc4092ab33f59b10fc8786d13dbe7 20677 openvswitch_2.15.0+ds1-2+deb11u5_i386-buildd.buildinfo Checksums-Sha256: 565accbcd52e1e2ae1a74d980e8d7117447c9397d00fa2e389f785ec57ee14fe 1925828 openvswitch-common_2.15.0+ds1-2+deb11u5_i386.deb 3c0f2a06cc622fe9408910c5903d14abd36c91e69445167185a9714e53ae7469 8526836 openvswitch-dbg_2.15.0+ds1-2+deb11u5_i386.deb a8d28ec2ef1344cd8fdfaa06dd470462c2e68d42765cfd31dbf8b016ffcf487c 1649432 openvswitch-dev_2.15.0+ds1-2+deb11u5_i386.deb ed8b0d8db7646f704ea36f806f1b3d16dccdc18abe06c260d1169320eb488d6b 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_i386.deb 42e7b7fe29d0fc3756d14f7eff624110bb05b792092f3acd71b9f1e1e8816938 1294896 openvswitch-switch-dpdk_2.15.0+ds1-2+deb11u5_i386.deb dec8b9b1837c6338b9cd04fd44d342da42b5746da53fa0f4b99db34412b054ff 55412 openvswitch-switch_2.15.0+ds1-2+deb11u5_i386.deb 5b952651e917873227aa5f48ca115d78463dfe6fba1481a5d414a22da3f2993e 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_i386.deb 43267d14479e529cef5455f1dcc8884dd0b18d70c33c0ced4695b8d356d9b8fd 41088 openvswitch-vtep_2.15.0+ds1-2+deb11u5_i386.deb be1810e116c72008042bf9c9c0a03a5d2681ee6c345b405289ad33aa91b080e4 20677 openvswitch_2.15.0+ds1-2+deb11u5_i386-buildd.buildinfo Files: 0896b62fe0a49575b26554f11199a72f 1925828 net optional openvswitch-common_2.15.0+ds1-2+deb11u5_i386.deb 053e217329e3c900cabb7d2e6f89cea8 8526836 debug optional openvswitch-dbg_2.15.0+ds1-2+deb11u5_i386.deb 9b7d2cccc3d340ea5ba1fee5764e3a33 1649432 net optional openvswitch-dev_2.15.0+ds1-2+deb11u5_i386.deb 11b9c41e8e9a51a5d5462e23f4ee5c34 40792 net optional openvswitch-ipsec_2.15.0+ds1-2+deb11u5_i386.deb 29596e698573ff250eb3afcccc87aae6 1294896 net optional openvswitch-switch-dpdk_2.15.0+ds1-2+deb11u5_i386.deb cb76b2aa7aa9a2c80ecb5b4e9ec85b16 55412 net optional openvswitch-switch_2.15.0+ds1-2+deb11u5_i386.deb fe18e8364f33b693c77d02f6b4aece0f 42620 net optional openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_i386.deb b8ef33bb767161a24ddc1f5b74c378c7 41088 net optional openvswitch-vtep_2.15.0+ds1-2+deb11u5_i386.deb 81f59c5d36b7dee26a33704b9f62974f 20677 net optional openvswitch_2.15.0+ds1-2+deb11u5_i386-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEm6ockFjr4GqAKQq+9fU2VPgRs1YFAmXxy/cACgkQ9fU2VPgR s1b+GBAAnaOBd44XH1lmT3S6dM4oj3NRvjzu+IQBHsX2wAAU5OdY76gbVNx9WFqX 86crz4Iikdx/+rEjuU3S/tLvqWrV0uNSX7B0gS22ZNMVIn1KZYxHeZ+8z6lyKvEZ jjT0hiJlVkLcXauu1VCJXwuYAzrr0uQi9x6/06frCR8t1h3zNfe4v6UT3MHhW5Kq w6cdeIUHjZ46RpmBp1yofdlrCaHxLCt/4IgyqPnVMZbHTD21ho0tl3ifWZzMxgdr SZ2+ccbKBULDSSjxiUsKgRCNwuZA41OGLKyct9bM3+mzaAZ+YfeAj5FVRcAlZD25 RI/OCsOPeMusMFRRZyJMFiJR26eO7CwWl8PZf6BjAYye0+oPUmiE2IrVuAv+R9MM kswNbEgMofVW0hY8+qqKdX0y99aQenlrhX3hthkDinvdoV2tITzvBr7mtXZmyZMy 5fmgCs30hwobc0vZI7QEOCCg/09CMUXRJXR/imd9Nm4BjeKVdzOfLklOuvzP9+Rp kg33BDo6YjzNXFG0K56H/1vf4FtExAX7o2q/AMm7MkuYGww7bCBcFAjrTa3rJqqt TifUw0fmokAKMOd2zXvjUgn1koIp38sCxkF+DzBNf8zm4pqtR/oIF/NyjfmNXNoU kjwTHbmJrlBf3oKGbdtKodwT1pmS2jlUUSsvalNesRyxCsxsRrc= =l1oK -----END PGP SIGNATURE-----