-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 18 Feb 2024 16:46:26 +0100 Source: openvswitch Architecture: source Version: 3.1.0-2+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: Debian OpenStack <team+openstack@tracker.debian.org> Changed-By: Thomas Goirand <zigo@debian.org> Closes: 1063492 Changes: openvswitch (3.1.0-2+deb12u1) bookworm-security; urgency=medium . * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks on a final stage with ports trie". * CVE-2023-3966: Invalid memory access in Geneve with HW offload. Added upstream patch: netdev-offload-tc: Check geneve metadata length (Closes: #1063492). Checksums-Sha1: 6fddff647c4124aa3e34552fb523ee4632c95a42 3559 openvswitch_3.1.0-2+deb12u1.dsc f1fd1f728cbf71894c752b546cd3c27d57ebaebe 4847692 openvswitch_3.1.0.orig.tar.xz 6e6cbffad704d727e6b3e4b05dd83a1be765f62d 74096 openvswitch_3.1.0-2+deb12u1.debian.tar.xz 8b24eaa8734c78d1bc87330092ecaa365a95334e 25342 openvswitch_3.1.0-2+deb12u1_amd64.buildinfo Checksums-Sha256: 22ca1b4ea0ac2e00c6d017aeb3fc16a2d1e381338414960011543ee2a16a9b4a 3559 openvswitch_3.1.0-2+deb12u1.dsc c56c34e37058ce4dd131733b0b24c9b557b0d0ee092a9786739b51f5e906a297 4847692 openvswitch_3.1.0.orig.tar.xz a73be9099e7014117cc7625711efeed1e0b90c2cef3a3341f146cfb7ce37df8d 74096 openvswitch_3.1.0-2+deb12u1.debian.tar.xz 301974eaed1bee652b6b4a53c48be3638e8ac72b3b4c495e2cad5ea06bfce1fd 25342 openvswitch_3.1.0-2+deb12u1_amd64.buildinfo Files: 8fcf6e716a9c556bfbebc93bdfd86f4b 3559 net optional openvswitch_3.1.0-2+deb12u1.dsc 45a3b182b9cbf6d9c98c76c0026a65d6 4847692 net optional openvswitch_3.1.0.orig.tar.xz 5cbf3df575d6aaa567c28c3c4b67c47e 74096 net optional openvswitch_3.1.0-2+deb12u1.debian.tar.xz b88ccade8d141cc34354dac8bec9c9f2 25342 net optional openvswitch_3.1.0-2+deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmXxu3YACgkQ1BatFaxr Q/6hSg//QPjYGfVAu1TvYCU2jFEJV5M3jvGj2J16OM5jmciYxmgkQNoritawmWaC EYMixP/rEcuX2tA5PUxTnoa6/qd999rZOOamffwocEt/jTcuoyac1jpVeRwb3+Dr OjU/gXTCPxyfJFeDVSez2Pb42Ff17xaq/aFfWdyO+aeE2SBTpFB0fimouqmNjvd0 KccdW4Llsf+UtcHD4D+Q4IknMDXtn2eeLZShvjgjVDkNONMNlpYIqiUNFHbXGo09 /PgNfStjwbYh+ZXhVEkHWaXtyjN79ylUD34HwMFAS69XXVyQ0FFXtp/NCBiHLKNl XjD1KzCpS78Ay06nkKMLKd+A87Ez7lclQgbGkoK1eI6GAz8CtU7dGTMRgIsSaN0S HHfA2MfNtFGTaXVeBL7yCw3x4Iqf6OPg0kxY9lI3yaTJpkYKr0LUK+WTIA3EKIhJ NYvU+YR86gC6fjC8NH4vHWR4H016vAAFVVvt0vfMIv3E4IelSgyOsfrCjzOsBFu6 eQZvdNZ7ext7hE5JBpZ8tUkZkuYIQHhRstwN/JYr5B8dqYIz65sR0Yv44mus+FTK 6pfJAG5EZH7xGrOiD3VbnspOMadonyTkMQgrr/JS6VHpIItKth4XBjjBlYB4alzW 4FRqBGHhS9RwskV/ipMWB177kEtgQr4ZC0xzJ0gpVwrkpb5TB1k= =bC4r -----END PGP SIGNATURE-----