--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bf29e92de4
2024-03-23 00:20:56.401388
--------------------------------------------------------------------------------

Name        : ovn
Product     : Fedora 40
Version     : 23.09.0
Release     : 139.fc40
URL         : http://www.openvswitch.org/
Summary     : Open Virtual Network support
Description :
OVN, the Open Virtual Network, is a system to support virtual network
abstraction.  OVN complements the existing capabilities of OVS to add
native support for virtual network abstractions, such as virtual L2 and L3
overlays and security groups.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-2182 ovn: insufficient validation of BFD packets may
lead to denial of service [fedora-all]
Sync to upstream OVN branch-23.09. Below are the commits since
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 13 2024 Numan Siddique  - 23.09.0-139
- github: Reduce ASLR entropy to be compatible with asan in llvm 14.
[Upstream: 835b43811dfcf469da3123911240cc953b52bac3]

- Prepare for 23.09.4.
[Upstream: 5ce1740aaa02ebeed561ffb6298b71035b5c908a]

- Set release date for 23.09.3.
[Upstream: fbdc94d4309f28ad59e41025ff42945478dd12cc]

- controller: Set check_tnl_key for BFD on tunnel ifaces.
[Upstream: c966c35f1b1cd8c5351ccac3051843fbf765c2ae]

- tests: Skip EDNS test if the scapy version doesn't support it.
[Upstream: 7af89a5e50a4ba75a3ea5c393499f1e0fa0a6abb]

- northd: Don't skip the unSNAT stage for traffic towards VIPs.
[Upstream: 094b1217345a8ae5935fdd4dfec4949f46197377]

- Prepare for 23.09.3.
[Upstream: 7bd52d7a25f2ddad0be25a5e54a3eb63d98a19d8]

- Set release date for 23.09.2.
[Upstream: 04b23938302ad54f453f622a4b0c2fa5e27d3e41]
* Mon Mar  4 2024 Numan Siddique  - 23.09.0-131
- Sync to upstream OVN branch-23.09. Below are the commits since
last update (23.09.0-109)

- northd: Don't create fair Sb meters for ACLs with logging disabled.
[Upstream: 215d53ea1436f03ab26a1a65df0824b319e6a4c3]

- ci: Update crun in GitHub actions runner.
[Upstream: 5bf1773c90ef7b61a85946027a987184e8d74fa0]

- ci: Update crun in Cirrus CI cloud image.
[Upstream: afa3da7677ed4d484612b820d8f09642d5821bd4]

- controller: ofctrl: Use index for meter lookups.
[Upstream: 683fb6dd2fc3c2ab025b1dd87ba2883e40d6d775]

- tests: Fix "router port type update and then ...".
[Upstream: c463d1de1a0c2cd368a4809f0d9eda9792b79851]

- tests: Fix "ovn-controller - Chassis other_config".
[Upstream: cbd4f2fcd0223a96c739dd07eded753f8f9b2a30]

- tests: Fix "ofctrl wait before clearing flows".
[Upstream: 81486b62bcac0d081ca907533ae34d826605b485]

- tests: Fix flaky "ovn-controller-vtep - binding 1".
[Upstream: 48a08a447340b095e8472d40aaaac5156320b4c1]

- tests: Fix flaky "options:requested-chassis ...".
[Upstream: a088df5aa75a7207ccdd751d2167e1536113737f]

- tests: Fix typos in tests.
[Upstream: 0a5726652b202add51d1dc8b6557268673e6cc51]

- tests: Have tests fail when adding veth peer fails.
[Upstream: 609a943e33c734d368f2019e7d3b41e31bb31d6f]

- pinctrl: dns: Ignore additional records.
[Upstream: 511f5a214226be84ae3b9434ffcab973e37295eb]

- ovn-ic: Fix global blacklist filter for IPv6 addresses.
[Upstream: 27d23712260b9faba23018ce973010743e30ccf7]

- tests: Fix macro OVN_CHECK_PACKETS_CONTAIN.
[Upstream: 28b0eddff68c5a64b80071a9a27cb79e3fac792a]

- features.c: Always wait on the rconn.
[Upstream: c0c9e507470439c3220b99c361f71e0cff3406fc]

- ci: Bump CirrusCI Ubuntu image version
[Upstream: 41e7f01872dae61b9ffcc1d3871865313ff90619]

- Documentation: Fix broken links in ovn-sandbox.rst.
[Upstream: 99d22a176f45971516803129f08c7a37a50bc4a1]

- ovn-sb.xml: Remove IPv4-only restriction from Service Monitors.
[Upstream: 97fca0f846bf6839144fc04fed6f0873198b4f89]

- github: Update versions of action dependencies (Node.js 20).
[Upstream: 2981936b61e0e0694c16df979b986dd1cb60b147]
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2267840 - CVE-2024-2182 ovn: insufficient validation of BFD packets may lead to denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=2267840
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bf29e92de4' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
