-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 25 Feb 2024 15:10:01 +0100 Source: openvswitch Binary: openvswitch-common openvswitch-dbg openvswitch-dev openvswitch-ipsec openvswitch-switch openvswitch-testcontroller openvswitch-vtep Architecture: armel Version: 2.15.0+ds1-2+deb11u5 Distribution: bullseye-security Urgency: medium Maintainer: arm Build Daemon (arm-ubc-04) Changed-By: Thomas Goirand Description: openvswitch-common - Open vSwitch common components openvswitch-dbg - Debug symbols for Open vSwitch packages openvswitch-dev - Open vSwitch development package openvswitch-ipsec - Open vSwitch IPsec tunneling support openvswitch-switch - Open vSwitch switch implementations openvswitch-testcontroller - Simple controller for testing OpenFlow setups openvswitch-vtep - Open vSwitch VTEP utilities Closes: 1063492 Changes: openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium . * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks on a final stage with ports trie". Added additional patches that the LTS team added to fix this: - Cherry-pick additional patch adjust-segment-boundary.patch to fix test suite for the patch for this CVE. - Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix new test ipv6-ND-dependency (added by the previous patch) * CVE-2023-3966: Invalid memory access in Geneve with HW offload. Add upstream patches (Closes: #1063492): - Fix the mask for tunnel metadata length - Check geneve metadata length * CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Add upstream patch "Fix memory leak in ovs_pcap_open". * Blacklist unittest 21 - bpf decay, which isn't deterministic. Checksums-Sha1: 1d4c1d1b83b185451bab8ba7b5f07ec42b5843a6 1571740 openvswitch-common_2.15.0+ds1-2+deb11u5_armel.deb 37fec7e123c7645b3c161624fe2d6220a46182bb 5085264 openvswitch-dbg_2.15.0+ds1-2+deb11u5_armel.deb 9bc23963edf95057dbc88839ea0035c92ba84bb8 1345948 openvswitch-dev_2.15.0+ds1-2+deb11u5_armel.deb 6f4127cdc566e919568adecd2fa2aed01f07959a 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_armel.deb ce37eab932b3546bedf52ba3464347ba2b623544 55408 openvswitch-switch_2.15.0+ds1-2+deb11u5_armel.deb ee3ffc748bea5d46b80e872650cdea9e551a4f04 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_armel.deb 1518430418313d56d766edeadfbb90c93c5126e0 41084 openvswitch-vtep_2.15.0+ds1-2+deb11u5_armel.deb eb359329fdc929fe95878d6ff5fecdce0c8d7949 11737 openvswitch_2.15.0+ds1-2+deb11u5_armel-buildd.buildinfo Checksums-Sha256: 56daaf533224776df9ce0d65d68870ee93a605509e6294c1162643658da4b164 1571740 openvswitch-common_2.15.0+ds1-2+deb11u5_armel.deb 55224271036fd058216956a7ba3a0eaafc3569ef351ace35540e8e95702230f7 5085264 openvswitch-dbg_2.15.0+ds1-2+deb11u5_armel.deb 2622d1dbd7dc272d7d385754f4435fd85f84922101c89f8caa86a921687243ee 1345948 openvswitch-dev_2.15.0+ds1-2+deb11u5_armel.deb ff5471c2de20cd1924d20685a65cccd10a1c94163dcc138d6503976a491ab9c9 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_armel.deb fd1baeb0e62671e92c4533d0593d87011731b834180d88867da85b4052c0d345 55408 openvswitch-switch_2.15.0+ds1-2+deb11u5_armel.deb df01413f40490d885655871f95f55e4d365a2907f4d0b1b6d409e411b71233b6 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_armel.deb 5e47d810959859767e36f11f19907e3cc43a3dbb1a98465cc885378d3b0e687b 41084 openvswitch-vtep_2.15.0+ds1-2+deb11u5_armel.deb efae047c277c985718db40c7540b5445e5dd059ddd3289f3b66a1a59db537e9f 11737 openvswitch_2.15.0+ds1-2+deb11u5_armel-buildd.buildinfo Files: b4e519bf3cdadf5ec9fa90a96d7a09ca 1571740 net optional openvswitch-common_2.15.0+ds1-2+deb11u5_armel.deb 0e2e5846d01f4c2d6f71545cf6e8c20f 5085264 debug optional openvswitch-dbg_2.15.0+ds1-2+deb11u5_armel.deb 4753dc992ef7103130b071cd3b2abd5e 1345948 net optional openvswitch-dev_2.15.0+ds1-2+deb11u5_armel.deb c797b406ea32aef969c954e160b73f5c 40792 net optional openvswitch-ipsec_2.15.0+ds1-2+deb11u5_armel.deb 4b85b4a250238eb036975e4a62557512 55408 net optional openvswitch-switch_2.15.0+ds1-2+deb11u5_armel.deb 224360f7db19134391629be4e21e7da7 42620 net optional openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_armel.deb ca65332751b961d94303490257f0f779 41084 net optional openvswitch-vtep_2.15.0+ds1-2+deb11u5_armel.deb 7c13d55ad0cb93ad9284e50ab6d90662 11737 net optional openvswitch_2.15.0+ds1-2+deb11u5_armel-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEU5Ohx66NeEdc9V4jWTHLDRjMKsQFAmXxzNMACgkQWTHLDRjM KsSaiA//dUPewjGWb8nJbV5pKjbDzCkoWCqffWadg1dHcGPdumZh5N7ZD91K9erm Jtp6LVtyW54yrTlmXVEQmAnXPzV8XFHM005kPFNSoRvsApUXaOq6MN+jCXLxEAvo Zhj7UcnU8vfsU6oLLKJfxxvum/cYfDjlo61fsnDOenaosEFWh+jwdK++B9/vzUsX QyC82/ML0SwmGqaJdoNKeeAVZ+SRy0YYeywFPhb20cTv+RWicO8vK2h5dtAqm9de FNYUPRkoiA5npyplo8UmgdXhsIlWE2Ad/hJFimYACJEmaPCdJD5K2E1mHefpaytg yjTDISLHkzmbjcanZpy8IkzaQjWRETxJmr17XpmdWOxggX37oz423kWQ9dAUCJxX AB0i7NrpT1pKDNf+thjTkfChqKFUxbD+arsCasvgNeSX7GlI7kOv2XTDs6sVwj8r To2j/5wyjmfJlW/X/WWFO/1Oq6bor+1/7OTAvBk50Cb4Zvy+YCafAgdBVW/xbN8Z JuIvFko6GJ7c4BuBKoHnwwdKL9WK4bREAf/cpy1nElOFh05T2/5cYJtqPechmhhu LPHplBSoD6ulYhWyYruC22lgVXBRdY7G10xyay/vcF+KyhkItmfE78w6o1x2tFNC o7A4fOK2SwetjBT3TFur47c5N3RBvPRhVbeiGrICKxMJ4gXlgoc= =PaST -----END PGP SIGNATURE-----