Your message dated Sun, 17 Mar 2024 17:02:44 +0000
with message-id <e1rltug-00agex...@fasolo.debian.org>
and subject line Bug#1063492: fixed in openvswitch 3.1.0-2+deb12u1
has caused the Debian Bug report #1063492,
regarding openvswitch: CVE-2023-3966: Invalid memory access in Geneve with HW
offload
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1063492: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063492
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openvswitch
Version: 3.3.0~git20240118.e802fe7-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 3.1.0-2
Hi,
The following vulnerability was published for openvswitch.
CVE-2023-3966[0]:
| Invalid memory access in Geneve with HW offload
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-3966
https://www.cve.org/CVERecord?id=CVE-2023-3966
[1] https://www.openwall.com/lists/oss-security/2024/02/08/3
[2] https://mail.openvswitch.org/pipermail/ovs-dev/2024-February/411702.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openvswitch
Source-Version: 3.1.0-2+deb12u1
Done: Thomas Goirand <z...@debian.org>
We believe that the bug you reported is fixed in the latest version of
openvswitch, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1063...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated openvswitch package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 18 Feb 2024 16:46:26 +0100
Source: openvswitch
Architecture: source
Version: 3.1.0-2+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian OpenStack <team+openst...@tracker.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Closes: 1063492
Changes:
openvswitch (3.1.0-2+deb12u1) bookworm-security; urgency=medium
.
* CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor
Advertisement packets between virtual machines to bypass OpenFlow rules.
This issue may allow a local attacker to create specially crafted packets
with a modified or spoofed target IP address field that can redirect ICMPv6
traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks
on a final stage with ports trie".
* CVE-2023-3966: Invalid memory access in Geneve with HW offload. Added
upstream patch: netdev-offload-tc: Check geneve metadata length
(Closes: #1063492).
Checksums-Sha1:
6fddff647c4124aa3e34552fb523ee4632c95a42 3559 openvswitch_3.1.0-2+deb12u1.dsc
f1fd1f728cbf71894c752b546cd3c27d57ebaebe 4847692 openvswitch_3.1.0.orig.tar.xz
6e6cbffad704d727e6b3e4b05dd83a1be765f62d 74096
openvswitch_3.1.0-2+deb12u1.debian.tar.xz
8b24eaa8734c78d1bc87330092ecaa365a95334e 25342
openvswitch_3.1.0-2+deb12u1_amd64.buildinfo
Checksums-Sha256:
22ca1b4ea0ac2e00c6d017aeb3fc16a2d1e381338414960011543ee2a16a9b4a 3559
openvswitch_3.1.0-2+deb12u1.dsc
c56c34e37058ce4dd131733b0b24c9b557b0d0ee092a9786739b51f5e906a297 4847692
openvswitch_3.1.0.orig.tar.xz
a73be9099e7014117cc7625711efeed1e0b90c2cef3a3341f146cfb7ce37df8d 74096
openvswitch_3.1.0-2+deb12u1.debian.tar.xz
301974eaed1bee652b6b4a53c48be3638e8ac72b3b4c495e2cad5ea06bfce1fd 25342
openvswitch_3.1.0-2+deb12u1_amd64.buildinfo
Files:
8fcf6e716a9c556bfbebc93bdfd86f4b 3559 net optional
openvswitch_3.1.0-2+deb12u1.dsc
45a3b182b9cbf6d9c98c76c0026a65d6 4847692 net optional
openvswitch_3.1.0.orig.tar.xz
5cbf3df575d6aaa567c28c3c4b67c47e 74096 net optional
openvswitch_3.1.0-2+deb12u1.debian.tar.xz
b88ccade8d141cc34354dac8bec9c9f2 25342 net optional
openvswitch_3.1.0-2+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmXxu3YACgkQ1BatFaxr
Q/6hSg//QPjYGfVAu1TvYCU2jFEJV5M3jvGj2J16OM5jmciYxmgkQNoritawmWaC
EYMixP/rEcuX2tA5PUxTnoa6/qd999rZOOamffwocEt/jTcuoyac1jpVeRwb3+Dr
OjU/gXTCPxyfJFeDVSez2Pb42Ff17xaq/aFfWdyO+aeE2SBTpFB0fimouqmNjvd0
KccdW4Llsf+UtcHD4D+Q4IknMDXtn2eeLZShvjgjVDkNONMNlpYIqiUNFHbXGo09
/PgNfStjwbYh+ZXhVEkHWaXtyjN79ylUD34HwMFAS69XXVyQ0FFXtp/NCBiHLKNl
XjD1KzCpS78Ay06nkKMLKd+A87Ez7lclQgbGkoK1eI6GAz8CtU7dGTMRgIsSaN0S
HHfA2MfNtFGTaXVeBL7yCw3x4Iqf6OPg0kxY9lI3yaTJpkYKr0LUK+WTIA3EKIhJ
NYvU+YR86gC6fjC8NH4vHWR4H016vAAFVVvt0vfMIv3E4IelSgyOsfrCjzOsBFu6
eQZvdNZ7ext7hE5JBpZ8tUkZkuYIQHhRstwN/JYr5B8dqYIz65sR0Yv44mus+FTK
6pfJAG5EZH7xGrOiD3VbnspOMadonyTkMQgrr/JS6VHpIItKth4XBjjBlYB4alzW
4FRqBGHhS9RwskV/ipMWB177kEtgQr4ZC0xzJ0gpVwrkpb5TB1k=
=bC4r
-----END PGP SIGNATURE-----
pgpQ2UJ1xD5N0.pgp
Description: PGP signature
--- End Message ---
