openvswitch - Debian Package Tracker

general

source: openvswitch (main)
version: 3.7.1-2
maintainer: Debian OpenStack (DMD)
uploaders: Simon Horman [DMD] – Thomas Goirand [DMD] – Christian Ehrhardt [DMD] – Luca Boccassi [DMD] – Michal Arbet [DMD]
arch: all
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.15.0+ds1-2+deb11u5
o-o-sec: 2.15.0+ds1-2+deb11u5
oldstable: 3.1.0-2+deb12u1
old-sec: 3.1.0-2+deb12u1
stable: 3.5.0-1
testing: 3.7.1-2
unstable: 3.7.1-2

versioned links

2.15.0+ds1-2+deb11u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.0-2+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.7.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

openvswitch-common
openvswitch-doc
openvswitch-ipsec
openvswitch-pki
openvswitch-source
openvswitch-switch
openvswitch-switch-dpdk
openvswitch-test
openvswitch-testcontroller
openvswitch-vtep
python3-openvswitch

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-25076: The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.

Created: 2022-09-09 Last update: 2026-05-06 06:32

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2019-25076: The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.

Created: 2025-08-09 Last update: 2026-05-06 06:32

2 security issues in bullseye high

There are 2 open security issues in bullseye.

1 important issue:

CVE-2026-34956: A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in a Denial of Service (DoS) for the affected system.

1 issue postponed or untriaged:

CVE-2019-25076: (needs triaging) The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.

Created: 2026-04-01 Last update: 2026-05-06 06:32

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 20f01462c5087c9e9b173d24499a71961b5595ba
Author: Luca Boccassi <luca.boccassi@gmail.com>
Date:   Thu May 21 13:11:47 2026 +0100

    d/control: fix Vcs-Browser to point to default branch

Created: 2026-02-24 Last update: 2026-05-21 13:01

Multiarch hinter reports 2 issue(s) low

There are issues with the multiarch metadata for this package.

openvswitch-doc could be marked Multi-Arch: foreign
openvswitch-source could be marked Multi-Arch: foreign

Created: 2021-02-21 Last update: 2026-05-28 17:31

2 low-priority security issues in trixie low

There are 2 open security issues in trixie.

2 issues left for the package maintainer to handle:

CVE-2019-25076: (postponed; to be fixed through a stable update) The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.
CVE-2026-34956: (needs triaging) A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in a Denial of Service (DoS) for the affected system.

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-08-09 Last update: 2026-05-06 06:32

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2019-25076: (postponed; to be fixed through a stable update) The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.

You can find information about how to handle this issue in the security team's documentation.

1 issue that should be fixed with the next stable update:

CVE-2026-34956: A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in a Denial of Service (DoS) for the affected system.

Created: 2023-06-10 Last update: 2026-05-06 06:32

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.6.2).

Created: 2024-04-07 Last update: 2026-04-14 15:16

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2026-04-16] openvswitch 3.7.1-2 MIGRATED to testing (Debian testing watch)
[2026-04-14] Accepted openvswitch 3.7.1-2 (source) into unstable (Frode Nordahl) (signed by: Luca Boccassi)
[2026-04-03] openvswitch 3.7.1-1 MIGRATED to testing (Debian testing watch)
[2026-04-01] Accepted openvswitch 3.7.1-1 (source) into unstable (Thomas Goirand)
[2026-03-08] openvswitch 3.7.0-1 MIGRATED to testing (Debian testing watch)
[2026-03-04] Accepted openvswitch 3.7.0-1 (source) into unstable (Matteo Perin) (signed by: Luca Boccassi)
[2026-02-26] openvswitch 3.7.0~git20260211.8c6ebf8-1~1.gbp9127d3 MIGRATED to testing (Debian testing watch)
[2026-02-24] Accepted openvswitch 3.7.0~git20260211.8c6ebf8-1~1.gbp9127d3 (source) into unstable (Thomas Goirand)
[2026-02-23] Accepted openvswitch 3.7.0~git20260211.8c6ebf8-1~1.gbp9127d2 (source) into unstable (Thomas Goirand)
[2026-02-20] openvswitch 3.7.0~git20260211.8c6ebf8-1~1.gbp9127d1 MIGRATED to testing (Debian testing watch)
[2026-02-13] Accepted openvswitch 3.7.0~git20260211.8c6ebf8-1~1.gbp9127d1 (source) into unstable (Matteo Perin) (signed by: Luca Boccassi)
[2026-02-11] openvswitch 3.6.0-7 MIGRATED to testing (Debian testing watch)
[2026-02-08] Accepted openvswitch 3.6.0-7 (source) into unstable (Thomas Goirand)
[2025-12-09] openvswitch 3.6.0-6 MIGRATED to testing (Debian testing watch)
[2025-12-07] Accepted openvswitch 3.6.0-6 (source) into unstable (Thomas Goirand)
[2025-12-01] openvswitch 3.6.0-5 MIGRATED to testing (Debian testing watch)
[2025-11-28] Accepted openvswitch 3.6.0-5 (source) into unstable (Thomas Goirand)
[2025-11-28] Accepted openvswitch 3.6.0-3 (source) into unstable (Thomas Goirand)
[2025-08-25] openvswitch 3.6.0-2 MIGRATED to testing (Debian testing watch)
[2025-08-22] Accepted openvswitch 3.6.0-2 (source) into unstable (Thomas Goirand)
[2025-08-20] Accepted openvswitch 3.6.0-1 (source) into unstable (Frode Nordahl) (signed by: Luca Boccassi)
[2025-02-20] openvswitch 3.5.0-1 MIGRATED to testing (Debian testing watch)
[2025-02-18] Accepted openvswitch 3.5.0-1 (source) into unstable (Frode Nordahl) (signed by: Luca Boccassi)
[2024-12-21] openvswitch 3.5.0~git20241129.2af7cef-2 MIGRATED to testing (Debian testing watch)
[2024-12-16] Accepted openvswitch 3.5.0~git20241129.2af7cef-2 (source) into unstable (Luca Boccassi)
[2024-12-03] Accepted openvswitch 3.5.0~git20241129.2af7cef-1 (source) into experimental (Frode Nordahl) (signed by: Luca Boccassi)
[2024-08-21] openvswitch 3.4.0-1 MIGRATED to testing (Debian testing watch)
[2024-08-15] Accepted openvswitch 3.4.0-1 (source) into unstable (Frode Nordahl) (signed by: Luca Boccassi)
[2024-06-16] openvswitch 3.3.1-1 MIGRATED to testing (Debian testing watch)
[2024-06-10] Accepted openvswitch 3.3.1-1 (source) into unstable (Frode Nordahl) (signed by: Luca Boccassi)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.7.1-2
32 bugs