Bug#1063492: marked as done (openvswitch: CVE-2023-3966: Invalid memory access in Geneve with HW offload)

2024-03-18 Thread Debian Bug Tracking System
Your message dated Mon, 18 Mar 2024 22:02:38 +
with message-id 
and subject line Bug#1063492: fixed in openvswitch 2.15.0+ds1-2+deb11u5
has caused the Debian Bug report #1063492,
regarding openvswitch: CVE-2023-3966: Invalid memory access in Geneve with HW offload
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1063492: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063492
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openvswitch
Version: 3.3.0~git20240118.e802fe7-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 3.1.0-2

Hi,

The following vulnerability was published for openvswitch.

CVE-2023-3966[0]:
| Invalid memory access in Geneve with HW offload


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3966
https://www.cve.org/CVERecord?id=CVE-2023-3966
[1] https://www.openwall.com/lists/oss-security/2024/02/08/3
[2] https://mail.openvswitch.org/pipermail/ovs-dev/2024-February/411702.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openvswitch
Source-Version: 2.15.0+ds1-2+deb11u5
Done: Thomas Goirand 

We believe that the bug you reported is fixed in the latest version of
openvswitch, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1063...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand  (supplier of updated openvswitch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 25 Feb 2024 15:10:01 +0100
Source: openvswitch
Architecture: source
Version: 2.15.0+ds1-2+deb11u5
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian OpenStack 
Changed-By: Thomas Goirand 
Closes: 1063492
Changes:
 openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium
 .
   * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor
     Advertisement packets between virtual machines to bypass OpenFlow rules.
     This issue may allow a local attacker to create specially crafted packets
     with a modified or spoofed target IP address field that can redirect ICMPv6
     traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks
     on a final stage with ports trie".
     Added additional patches that the LTS team added to fix this:
     - Cherry-pick additional patch adjust-segment-boundary.patch
       to fix test suite for the patch for this CVE.
     - Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix
       new test ipv6-ND-dependency (added by the previous patch)
   * CVE-2023-3966: Invalid memory access in Geneve with HW offload. Add
     upstream patches (Closes: #1063492):
     - Fix the mask for tunnel metadata length
     - Check geneve metadata length
   * CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory leak
     via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Add upstream
     patch "Fix memory leak in ovs_pcap_open".
   * Blacklist unittest 21 - bpf decay, which isn't deterministic.

Bug#1063492: marked as done (openvswitch: CVE-2023-3966: Invalid memory access in Geneve with HW offload)

2024-03-17 Thread Debian Bug Tracking System
Your message dated Sun, 17 Mar 2024 17:02:44 +
with message-id 
and subject line Bug#1063492: fixed in openvswitch 3.1.0-2+deb12u1
has caused the Debian Bug report #1063492,
regarding openvswitch: CVE-2023-3966: Invalid memory access in Geneve with HW offload
to be marked as done.

--- Begin Message ---
Source: openvswitch
Source-Version: 3.1.0-2+deb12u1
Done: Thomas Goirand 

We believe that the bug you reported is fixed in the latest version of
openvswitch, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1063...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand  (supplier of updated openvswitch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 18 Feb 2024 16:46:26 +0100
Source: openvswitch
Architecture: source
Version: 3.1.0-2+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian OpenStack 
Changed-By: Thomas Goirand 
Closes: 1063492
Changes:
 openvswitch (3.1.0-2+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor
     Advertisement packets between virtual machines to bypass OpenFlow rules.
     This issue may allow a local attacker to create specially crafted packets
     with a modified or spoofed target IP address field that can redirect ICMPv6
     traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks
     on a final stage with ports trie".
   * CVE-2023-3966: Invalid memory access in Geneve with HW offload. Added
     upstream patch: netdev-offload-tc: Check geneve metadata length
     (Closes: #1063492).

Bug#1063492: marked as done (openvswitch: CVE-2023-3966: Invalid memory access in Geneve with HW offload)

2024-02-29 Thread Debian Bug Tracking System
Your message dated Thu, 29 Feb 2024 17:11:06 +
with message-id 
and subject line Bug#1063492: fixed in openvswitch 3.3.0-1
has caused the Debian Bug report #1063492,
regarding openvswitch: CVE-2023-3966: Invalid memory access in Geneve with HW offload
to be marked as done.

--- Begin Message ---
Source: openvswitch
Source-Version: 3.3.0-1
Done: Frode Nordahl 

We believe that the bug you reported is fixed in the latest version of
openvswitch, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1063...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Frode Nordahl  (supplier of updated openvswitch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 29 Feb 2024 14:25:30 +0100
Source: openvswitch
Architecture: source
Version: 3.3.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenStack 
Changed-By: Frode Nordahl 
Closes: 1063492
Changes:
 openvswitch (3.3.0-1) unstable; urgency=medium
 .
   * Team upload.
   * Update upstream source from tag 'upstream/3.3.0'.
   * d/p/dp-packet-Reset-offload_offsets-when-clearing-a-packet.patch:
     Drop, included in new upstream version.
   * d/p/0001-tests-ovsdb-server-Fix-config-file-same-schema-test.patch:
     Drop, included in new upstream version.
   * d/openvswitch-switch.lintian-overrides: Remove obsolete tag
     "package-supports-alternative-init-but-no-init.d-script".
   * d/control: Replace pkg-config with pkgconf as build dependency.
   * CVE-2023-3966: Fix invalid memory access in Geneve with HW offload
     (Closes: #1063492).