-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 25 Feb 2024 15:10:01 +0100 Source: openvswitch Binary: openvswitch-common openvswitch-dbg openvswitch-dev openvswitch-ipsec openvswitch-switch openvswitch-switch-dpdk openvswitch-testcontroller openvswitch-vtep Architecture: ppc64el Version: 2.15.0+ds1-2+deb11u5 Distribution: bullseye-security Urgency: medium Maintainer: ppc64el Build Daemon (ppc64el-conova-02) Changed-By: Thomas Goirand Description: openvswitch-common - Open vSwitch common components openvswitch-dbg - Debug symbols for Open vSwitch packages openvswitch-dev - Open vSwitch development package openvswitch-ipsec - Open vSwitch IPsec tunneling support openvswitch-switch - Open vSwitch switch implementations openvswitch-switch-dpdk - DPDK enabled Open vSwitch switch implementation openvswitch-testcontroller - Simple controller for testing OpenFlow setups openvswitch-vtep - Open vSwitch VTEP utilities Closes: 1063492 Changes: openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium . * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks on a final stage with ports trie". Added additional patches that the LTS team added to fix this: - Cherry-pick additional patch adjust-segment-boundary.patch to fix test suite for the patch for this CVE. - Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix new test ipv6-ND-dependency (added by the previous patch) * CVE-2023-3966: Invalid memory access in Geneve with HW offload. Add upstream patches (Closes: #1063492): - Fix the mask for tunnel metadata length - Check geneve metadata length * CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Add upstream patch "Fix memory leak in ovs_pcap_open". * Blacklist unittest 21 - bpf decay, which isn't deterministic. Checksums-Sha1: 8b070fd7d603964c92a38b2701006b9a1ae9e83b 1902936 openvswitch-common_2.15.0+ds1-2+deb11u5_ppc64el.deb f57902979d84beeade41065fca86076c6bd8af79 9992648 openvswitch-dbg_2.15.0+ds1-2+deb11u5_ppc64el.deb 58e4d2230c362a12ed810b970e1acce113d6eb02 1640792 openvswitch-dev_2.15.0+ds1-2+deb11u5_ppc64el.deb af809cc443cd9773f3c440241eca9c3d1a5b0e42 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_ppc64el.deb c59582889cbf294a640329a97d40b984b6f669db 1270484 openvswitch-switch-dpdk_2.15.0+ds1-2+deb11u5_ppc64el.deb ac14003aba790de93599db89acc6dd220b9c2c44 55412 openvswitch-switch_2.15.0+ds1-2+deb11u5_ppc64el.deb 088948ebd1b91cb5351d0951cff320d1670b8ff9 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_ppc64el.deb 750d646d04e98c244891cc5d86d8befb93219f3d 41088 openvswitch-vtep_2.15.0+ds1-2+deb11u5_ppc64el.deb 2129485cca2218531f92643947eaba1758a1695c 20916 openvswitch_2.15.0+ds1-2+deb11u5_ppc64el-buildd.buildinfo Checksums-Sha256: 60630d1ea0fd20157401e160ccef1d457c767b5fc0eccc71c64bba8360c54ad5 1902936 openvswitch-common_2.15.0+ds1-2+deb11u5_ppc64el.deb 8d019f71970779438fe13a14189d28a312ec73fb286157cc38f9c43c558f1920 9992648 openvswitch-dbg_2.15.0+ds1-2+deb11u5_ppc64el.deb 39ebe2db4582ad37d9b8561b534e36d43bc57588aef04606e7bec9d917898e86 1640792 openvswitch-dev_2.15.0+ds1-2+deb11u5_ppc64el.deb ea283567eaa785688b97fd6f0ac71aeb8e0f284e97d5d3dc1ed6e61b28b7054c 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_ppc64el.deb 8ecf38f34ac7a3dd76a5d0480a8469c7f64371db4e8d839e7ff89a5609bac222 1270484 openvswitch-switch-dpdk_2.15.0+ds1-2+deb11u5_ppc64el.deb a91e1a62758dff0436a59cf6ce29e9e96e8758c6850e5274079efe023e6e827e 55412 openvswitch-switch_2.15.0+ds1-2+deb11u5_ppc64el.deb a79fa8b81bcd11f712b33498033377c77b20af349445a1117fc76b98e7b13a41 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_ppc64el.deb 2e440bfea0f03d252781067c8c6254b05b556bf90a6733335ffb5fc8df58a194 41088 openvswitch-vtep_2.15.0+ds1-2+deb11u5_ppc64el.deb 1cc8c255efdbf1be512ec2ad59bece82688f32a99353b2642757d0bae9cb99cb 20916 openvswitch_2.15.0+ds1-2+deb11u5_ppc64el-buildd.buildinfo Files: bc7b23a7b3c58d9511b741f9ed469f16 1902936 net optional openvswitch-common_2.15.0+ds1-2+deb11u5_ppc64el.deb 8fd814d6f638ce06ce36177281634bca 9992648 debug optional openvswitch-dbg_2.15.0+ds1-2+deb11u5_ppc64el.deb 6d4f039facdd56f8632ed23f1a728761 1640792 net optional openvswitch-dev_2.15.0+ds1-2+deb11u5_ppc64el.deb 50b6923844dc0674bf87b2dcd54ce163 40792 net optional openvswitch-ipsec_2.15.0+ds1-2+deb11u5_ppc64el.deb deca44b335f12216c86222d071e1c2be 1270484 net optional openvswitch-switch-dpdk_2.15.0+ds1-2+deb11u5_ppc64el.deb 00e8e641b2338f009eefff95099ba1b0 55412 net optional openvswitch-switch_2.15.0+ds1-2+deb11u5_ppc64el.deb c6caf87dfcdcf18e59dfc4da3b9f3d9f 42620 net optional openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_ppc64el.deb 74363738d0ec341724708e3bb8fd63f8 41088 net optional openvswitch-vtep_2.15.0+ds1-2+deb11u5_ppc64el.deb 52753f8324d7a5b9304211d1fdbdc147 20916 net optional openvswitch_2.15.0+ds1-2+deb11u5_ppc64el-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEmyxOicioak1AZZAyyPVDLEOGa2QFAmXxxZ0ACgkQyPVDLEOG a2R7UQ/8Cm3+JZJsN2RKoPLoLOfsZprwSjP4Yok2VPoy1570MTSeDpmORjSIlEpw l1IO4ztbmZuGyQRSRsSUvyBSMnh5KoSbBVLGsDvb2mVLHcSq/wu1DHyTGMgFYfIc JM2jklbqWzUBxXSHv3w17U0UQ2mOvsSssfa4VNawjToIj65ggHSqFa18GTGXTy6/ 60QsyEk2pxjzdwlyY1OYgsVPgSX8JcRoDea3mvGdDRZotkBYe9Z5RI/idvZob+2A Uaz6N0fM45xJx6+njivr9s+HAzbUckBqiFXpK0svdnIiJh2GL+cnbQfDYhGpie2J S8uUYWTKaIgr1UxYB1Gjb0l3ADtSxTAIbc+nETcVeeKjd9qcVovzcfwOR9k8atJc K/MIBKxrAmu/AnWchGDxQDSSyYtx8AClEGf09GDDkA7KKytAwj2ESzTyuQoXbOBq OvxTzAT2N9MfaqtNwoP5INyT6O7YihOxFe8RKKUZR53EoWYiiqe/HI3SJ+EODXm9 8RKsng4di5M9di+5RowfDSFBhenEvAX8RNwzrlfd7lI0ctxUbJRX1IkXdXCAsjXl XoGFAL1lZn/SzS4OpSrv/ftZRpggex8udy48GT+/re9ZJTV9tco0yz7Cv6lgY4dy CLSStafwHmgnpgP4ypDcMQjs8J2JOUKWfXodKKexJABPmtoRoqY= =MmGa -----END PGP SIGNATURE-----