Your message dated Mon, 18 Mar 2024 22:02:38 +0000
with message-id <e1rml42-00grbu...@fasolo.debian.org>
and subject line Bug#1063492: fixed in openvswitch 2.15.0+ds1-2+deb11u5
has caused the Debian Bug report #1063492,
regarding openvswitch: CVE-2023-3966: Invalid memory access in Geneve with HW
offload
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1063492: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063492
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openvswitch
Version: 3.3.0~git20240118.e802fe7-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 3.1.0-2
Hi,
The following vulnerability was published for openvswitch.
CVE-2023-3966[0]:
| Invalid memory access in Geneve with HW offload
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-3966
https://www.cve.org/CVERecord?id=CVE-2023-3966
[1] https://www.openwall.com/lists/oss-security/2024/02/08/3
[2] https://mail.openvswitch.org/pipermail/ovs-dev/2024-February/411702.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openvswitch
Source-Version: 2.15.0+ds1-2+deb11u5
Done: Thomas Goirand <z...@debian.org>
We believe that the bug you reported is fixed in the latest version of
openvswitch, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1063...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated openvswitch package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 25 Feb 2024 15:10:01 +0100
Source: openvswitch
Architecture: source
Version: 2.15.0+ds1-2+deb11u5
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian OpenStack <team+openst...@tracker.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Closes: 1063492
Changes:
 openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium
 .
   * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor
     Advertisement packets between virtual machines to bypass OpenFlow rules.
     This issue may allow a local attacker to create specially crafted packets
     with a modified or spoofed target IP address field that can redirect ICMPv6
     traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks
     on a final stage with ports trie".
     Added additional patches that the LTS team added to fix this:
     - Cherry-pick additional patch adjust-segment-boundary.patch
       to fix test suite for the patch for this CVE.
     - Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix
       new test ipv6-ND-dependency (added by the previous patch)
   * CVE-2023-3966: Invalid memory access in Geneve with HW offload. Add
     upstream patches (Closes: #1063492):
     - Fix the mask for tunnel metadata length
     - Check geneve metadata length
   * CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory leak
     via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Add upstream
     patch "Fix memory leak in ovs_pcap_open".
   * Blacklist unittest 21 - bpf decay, which isn't deterministic.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---