Format: 1.8
Date: Sun, 25 Feb 2024 15:10:01 +0100
Source: openvswitch
Binary: openvswitch-common openvswitch-dbg openvswitch-dev openvswitch-ipsec openvswitch-switch openvswitch-testcontroller openvswitch-vtep
Architecture: s390x
Version: 2.15.0+ds1-2+deb11u5
Distribution: bullseye-security
Urgency: medium
Maintainer: s390x Build Daemon (zandonai)
Changed-By: Thomas Goirand
Description:
 openvswitch-common - Open vSwitch common components
 openvswitch-dbg - Debug symbols for Open vSwitch packages
 openvswitch-dev - Open vSwitch development package
 openvswitch-ipsec - Open vSwitch IPsec tunneling support
 openvswitch-switch - Open vSwitch switch implementations
 openvswitch-testcontroller - Simple controller for testing OpenFlow setups
 openvswitch-vtep - Open vSwitch VTEP utilities
Closes: 1063492
Changes:
 openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium
 .
   * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6
     Neighbor Advertisement packets between virtual machines to bypass
     OpenFlow rules. This issue may allow a local attacker to create
     specially crafted packets with a modified or spoofed target IP address
     field that can redirect ICMPv6 traffic to arbitrary IP addresses.
     Added upstream patch: "Fix missing masks on a final stage with ports
     trie". Added additional patches that the LTS team added to fix this:
     - Cherry-pick additional patch adjust-segment-boundary.patch to fix
       test suite for the patch for this CVE.
     - Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix new test
       ipv6-ND-dependency (added by the previous patch)
   * CVE-2023-3966: Invalid memory access in Geneve with HW offload.
     Add upstream patches (Closes: #1063492):
     - Fix the mask for tunnel metadata length
     - Check geneve metadata length
   * CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory
     leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.
     Add upstream patch "Fix memory leak in ovs_pcap_open".
   * Blacklist unittest 21 - bpf decay, which isn't deterministic.