-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 25 Feb 2024 15:10:01 +0100
Source: openvswitch
Architecture: source
Version: 2.15.0+ds1-2+deb11u5
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1063492
Changes:
 openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium
 .
   * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6
     Neighbor Advertisement packets between virtual machines to bypass
     OpenFlow rules. This issue may allow a local attacker to create
     specially crafted packets with a modified or spoofed target IP address
     field that can redirect ICMPv6 traffic to arbitrary IP addresses.
     Added upstream patch: "Fix missing masks on a final stage with ports
     trie".
     Added additional patches that the LTS team added to fix this:
     - Cherry-pick additional patch adjust-segment-boundary.patch to fix
       test suite for the patch for this CVE.
     - Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix new test
       ipv6-ND-dependency (added by the previous patch)
   * CVE-2023-3966: Invalid memory access in Geneve with HW offload.
     Add upstream patches (Closes: #1063492):
     - Fix the mask for tunnel metadata length
     - Check geneve metadata length
   * CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory
     leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.
     Add upstream patch "Fix memory leak in ovs_pcap_open".
   * Blacklist unittest 21 - bpf decay, which isn't deterministic.