-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 25 Feb 2024 15:10:01 +0100 Source: openvswitch Binary: openvswitch-common openvswitch-dbg openvswitch-dev openvswitch-ipsec openvswitch-switch openvswitch-switch-dpdk openvswitch-testcontroller openvswitch-vtep Architecture: arm64 Version: 2.15.0+ds1-2+deb11u5 Distribution: bullseye-security Urgency: medium Maintainer: arm Build Daemon (arm-ubc-03) Changed-By: Thomas Goirand Description: openvswitch-common - Open vSwitch common components openvswitch-dbg - Debug symbols for Open vSwitch packages openvswitch-dev - Open vSwitch development package openvswitch-ipsec - Open vSwitch IPsec tunneling support openvswitch-switch - Open vSwitch switch implementations openvswitch-switch-dpdk - DPDK enabled Open vSwitch switch implementation openvswitch-testcontroller - Simple controller for testing OpenFlow setups openvswitch-vtep - Open vSwitch VTEP utilities Closes: 1063492 Changes: openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium . * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks on a final stage with ports trie". Added additional patches that the LTS team added to fix this: - Cherry-pick additional patch adjust-segment-boundary.patch to fix test suite for the patch for this CVE. - Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix new test ipv6-ND-dependency (added by the previous patch) * CVE-2023-3966: Invalid memory access in Geneve with HW offload. Add upstream patches (Closes: #1063492): - Fix the mask for tunnel metadata length - Check geneve metadata length * CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Add upstream patch "Fix memory leak in ovs_pcap_open". * Blacklist unittest 21 - bpf decay, which isn't deterministic. Checksums-Sha1: 9c49fd786ec3000d1f8bab091a35605b4c98c367 1674524 openvswitch-common_2.15.0+ds1-2+deb11u5_arm64.deb a73264fe551e03b22829cd0d798705913325463c 9667096 openvswitch-dbg_2.15.0+ds1-2+deb11u5_arm64.deb 343142d445d4badd051c7024f7b52fd8877a30ca 1435992 openvswitch-dev_2.15.0+ds1-2+deb11u5_arm64.deb d7a85fb76effb6e7d13a87a2d1268ec0936f261a 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_arm64.deb c152527383cd9442706a707e420dbfd1c37d2740 1081240 openvswitch-switch-dpdk_2.15.0+ds1-2+deb11u5_arm64.deb b5b60d6cc499d914f7f096506c006bc0f710fb1f 55408 openvswitch-switch_2.15.0+ds1-2+deb11u5_arm64.deb 7e20986a30415ad172c5bb1b504ab835941dceb2 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_arm64.deb e9d3f751fedd5d5aef1b46d76e767e5a13f736da 41088 openvswitch-vtep_2.15.0+ds1-2+deb11u5_arm64.deb dff043cda188d5323e691b6fa780b91e654456f5 20923 openvswitch_2.15.0+ds1-2+deb11u5_arm64-buildd.buildinfo Checksums-Sha256: fe1b4e5a84cf4c49b75d0b94efb3b63c13c873efa0ec3d4928dc32a7a4137071 1674524 openvswitch-common_2.15.0+ds1-2+deb11u5_arm64.deb bc4ff55dee3c8d8b86c9fa84c8a78985cb343f0d75ec1f0c8ccd8f1ecbfb0953 9667096 openvswitch-dbg_2.15.0+ds1-2+deb11u5_arm64.deb 557468b9ce5443d0b873724d4c20d0489e22e7c9ba6c5bf1a135b8590475d63c 1435992 openvswitch-dev_2.15.0+ds1-2+deb11u5_arm64.deb 66df912838e968af0c1c6dc89e55ac29fceffaaa6168546c1ea133cc7d4a382f 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_arm64.deb c9def95f30e5602c633f0646a632f846502ddd285694ce87cda35435999be53d 1081240 openvswitch-switch-dpdk_2.15.0+ds1-2+deb11u5_arm64.deb ade028f04ffaa18eff52400f401ea65d4976aceb18a2887841a77c69f4395db2 55408 openvswitch-switch_2.15.0+ds1-2+deb11u5_arm64.deb e946c139d424b9a349781d355d59eb5c2d86f4d8b0d204d74b3382b92ccd6ecc 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_arm64.deb 9cce3a08ec93feafa603617763161e40b93025f6705a1632dc7d843c36703320 41088 openvswitch-vtep_2.15.0+ds1-2+deb11u5_arm64.deb 08b66e5e8a7e841054f42d95906023ec3022cdb02b73d1f40a2fe7807ecd1857 20923 openvswitch_2.15.0+ds1-2+deb11u5_arm64-buildd.buildinfo Files: 08eaca5a7df84a72520a19817bac6e96 1674524 net optional openvswitch-common_2.15.0+ds1-2+deb11u5_arm64.deb 5c3b99a5a48d2934ca014c578ca03ede 9667096 debug optional openvswitch-dbg_2.15.0+ds1-2+deb11u5_arm64.deb 25b04330288952c544bedb128699e605 1435992 net optional openvswitch-dev_2.15.0+ds1-2+deb11u5_arm64.deb 1a898160ca0d26912f3a2e7e3f9ab459 40792 net optional openvswitch-ipsec_2.15.0+ds1-2+deb11u5_arm64.deb d28bb8764be507560e180443e14569d1 1081240 net optional openvswitch-switch-dpdk_2.15.0+ds1-2+deb11u5_arm64.deb 728e62038a8401af8c5feab079a7b920 55408 net optional openvswitch-switch_2.15.0+ds1-2+deb11u5_arm64.deb 9270b44d5f23cc06c500437958e61a19 42620 net optional openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_arm64.deb 5b774bb0ae9e280f39e61535c9017bf3 41088 net optional openvswitch-vtep_2.15.0+ds1-2+deb11u5_arm64.deb ced0715b6149bf02c249d271cc4ae1a9 20923 net optional openvswitch_2.15.0+ds1-2+deb11u5_arm64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEV2QMHg/7F9BmqsxiZLztDiV8cXAFAmXxy8gACgkQZLztDiV8 cXBTow/9EUou1dY5RQz7JTetjJ1Jv1fImYJSD5ClUU4m151aqcsedj0yqUtgxRsr pmqv+uOWr7pSScyNmaGvx+eulL515yRJbmfzF9rzJnYN7nCR9Qcu+ararS2IsWFv i7FkfbEamaMWa0ob3IfQsuUUZSpYDhfDG5xE8DcN9pbqX4OM10UsBAJIyD0QevOC 4EtDFgpK1QnUcyGZy8DiHRKF+IICHGofGh1OnC9lBIWOrBqLCKN363sdd/hG4q7f 0Fr046+VHeoKAAHsLAV0aADyOYP7goLtokifLl7/rB/38PiBQX27TKi3OvGp6fEZ njqXkd3IxBx9qgInclLVH4k7m49IVp57m3XN5LJOJvT5wITuGS51yniwLIrPx6ng cA01Aq2JN6YAtjJfJ5YMExisIVcf1VZJ1bd9UTuJlr/mOSe85vHgeoHm2+UsI/Pr cB6sdcgcelTwSSTtvW2wOkvaY0mWzmjFsCxbK6nS4MaA6AQ4I9PrYI+UWKKErCB9 XXVBWEZFkBEfl+f0rVPDdfG4/py+qm+GECWDICAFvLIVZVBjeIrmw6OZJcUxRE+0 /zcqZzbuh2CJX5ZlC2cXXBnirS3wx1RADGo50tCdmUFRXcJLBHQLuVStzYac5bqN 9PR2jGNE2VcjHe2vQU91HJK275KcWpzqeUqcyrRvO5hL1F6CIAo= =zL9B -----END PGP SIGNATURE-----