-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 25 Feb 2024 15:10:01 +0100 Source: openvswitch Binary: openvswitch-pki python3-openvswitch Architecture: all Version: 2.15.0+ds1-2+deb11u5 Distribution: bullseye-security Urgency: medium Maintainer: all Build Daemon (x86-grnet-02) Changed-By: Thomas Goirand Description: openvswitch-pki - Open vSwitch public key infrastructure dependency package python3-openvswitch - Python 3 bindings for Open vSwitch Closes: 1063492 Changes: openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium . * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks on a final stage with ports trie". Added additional patches that the LTS team added to fix this: - Cherry-pick additional patch adjust-segment-boundary.patch to fix test suite for the patch for this CVE. - Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix new test ipv6-ND-dependency (added by the previous patch) * CVE-2023-3966: Invalid memory access in Geneve with HW offload. Add upstream patches (Closes: #1063492): - Fix the mask for tunnel metadata length - Check geneve metadata length * CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Add upstream patch "Fix memory leak in ovs_pcap_open". * Blacklist unittest 21 - bpf decay, which isn't deterministic. Checksums-Sha1: dd6e6fc0ce76a7763d979b32013ffbce8c3762f3 39316 openvswitch-pki_2.15.0+ds1-2+deb11u5_all.deb 8dfa08c9848789dcb9d5ec038337c8560b1450e7 19191 openvswitch_2.15.0+ds1-2+deb11u5_all-buildd.buildinfo 421891e106cbe162c5003a12987ff75a4b0d69d8 128508 python3-openvswitch_2.15.0+ds1-2+deb11u5_all.deb Checksums-Sha256: 2e3fd53bc1ecd5afee9fc42655bda7aee15ad784dd123bedc8c460ac9cadbd77 39316 openvswitch-pki_2.15.0+ds1-2+deb11u5_all.deb 7d9040b81ce6a08cb306866ea25ba62679a1b9c2d8687a82e39f55cb7cc74b27 19191 openvswitch_2.15.0+ds1-2+deb11u5_all-buildd.buildinfo f87d837339d95be777d6055c82850af8a52f1f23152210d1c6dd5ed24c6bad8b 128508 python3-openvswitch_2.15.0+ds1-2+deb11u5_all.deb Files: b52918c363811c86d2e55d00d2ca4eea 39316 net optional openvswitch-pki_2.15.0+ds1-2+deb11u5_all.deb 949cef2d1e29d7e33928e029aaa97857 19191 net optional openvswitch_2.15.0+ds1-2+deb11u5_all-buildd.buildinfo 38c8e619c379a81c359b6d07254208a3 128508 python optional python3-openvswitch_2.15.0+ds1-2+deb11u5_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEzW1K1578DQd6MDTQEbLkkg2OS0oFAmXxyF8ACgkQEbLkkg2O S0rfkQ//aoNVlWgYCjQs2gRGDkygwcFtL4U4HwYBO8da3A/gwcl/oIiOd2pTFmiT OP1qYScEt8HUf2Wh+JlFXXHx8+gTpzpWXxQcK/ZEq1WVwqk0Fsqk0cs6TJWX2B9b 9bzkIxmDOBdrPUkFPUA6AkGjNX/ViecoaJb+8SvUsnE2ZOOdOmGkmJDEgR5xIiB+ 3NV/+mM27WI9hnrnU1TPoGh/v1nwgjgnnXrgtpfDPOntXvvl8LJ+Dmz2KlNX/KWq kbqUknNqd4LT7klpyq14jUX6oOgpKIP0Oe+VwmkxR+VY64K7e5a4MtgutqP9qL1t NFft5/4rDR5gYpSu1R6uARVhyw6U23EV25wUqOxipGrUBhxc/8IB7V8Rrqafs5B4 NrdeO+IA4C2OQbtJn3LROzHiIEeAKSroxdo/2cfiMOYcWpeQZbzxTzu5uaJyHxMa ykFfOgl+r0moN7FyIrz+aomCijqblurwwYuALmru9AS0JqtsoD7mQSvR8ADbZgBq 5KJv7rhLwQDg+QNw1nPJhBTT78uMUfwolImU9ADqVrFXZn1fvD7Jh15ssws7QXwl 5hwIr0m/IBN9Zedc/k4Q5qYnypsYY2Aemf0i4F9/Ai86qPadk7ttgN7soelDlUSx BqOaEHLtaLJuZXWIlFThF4yd/OToMMvufG1ChsO3z5SNZe1fPLg= =octv -----END PGP SIGNATURE-----