Fedora 38 Update: ovn-23.09.0-139.fc38
Fedora 39 Update: chromium-123.0.6312.58-1.fc39
Fedora 39 Update: apptainer-1.3.0-1.fc39
Fedora 39 Update: ovn-23.09.0-139.fc39
Fedora 38 Update: ovn-23.09.0-139.fc38
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7c11edcd20
2024-03-22 01:41:36.209974
--------------------------------------------------------------------------------
Name : ovn
Product : Fedora 38
Version : 23.09.0
Release : 139.fc38
URL : http://www.openvswitch.org/
Summary : Open Virtual Network support
Description :
OVN, the Open Virtual Network, is a system to support virtual network
abstraction. OVN complements the existing capabilities of OVS to add
native support for virtual network abstractions, such as virtual L2 and L3
overlays and security groups.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2024-2182 ovn: insufficient validation of BFD packets may
lead to denial of service [fedora-all]
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2024 Numan Siddique [numans@ovn.org] - 23.09.0-139
- github: Reduce ASLR entropy to be compatible with asan in llvm 14.
[Upstream: 835b43811dfcf469da3123911240cc953b52bac3]
- Prepare for 23.09.4.
[Upstream: 5ce1740aaa02ebeed561ffb6298b71035b5c908a]
- Set release date for 23.09.3.
[Upstream: fbdc94d4309f28ad59e41025ff42945478dd12cc]
- controller: Set check_tnl_key for BFD on tunnel ifaces.
[Upstream: c966c35f1b1cd8c5351ccac3051843fbf765c2ae]
- tests: Skip EDNS test if the scapy version doesn't support it.
[Upstream: 7af89a5e50a4ba75a3ea5c393499f1e0fa0a6abb]
- northd: Don't skip the unSNAT stage for traffic towards VIPs.
[Upstream: 094b1217345a8ae5935fdd4dfec4949f46197377]
- Prepare for 23.09.3.
[Upstream: 7bd52d7a25f2ddad0be25a5e54a3eb63d98a19d8]
- Set release date for 23.09.2.
[Upstream: 04b23938302ad54f453f622a4b0c2fa5e27d3e41]
* Mon Mar 4 2024 Numan Siddique [numans@ovn.org] - 23.09.0-131
- Sync to upstream OVN branch-23.09. Below are the commits since
last update (23.09.0-109)
- northd: Don't create fair Sb meters for ACLs with logging disabled.
[Upstream: 215d53ea1436f03ab26a1a65df0824b319e6a4c3]
- ci: Update crun in GitHub actions runner.
[Upstream: 5bf1773c90ef7b61a85946027a987184e8d74fa0]
- ci: Update crun in Cirrus CI cloud image.
[Upstream: afa3da7677ed4d484612b820d8f09642d5821bd4]
- controller: ofctrl: Use index for meter lookups.
[Upstream: 683fb6dd2fc3c2ab025b1dd87ba2883e40d6d775]
- tests: Fix "router port type update and then ...".
[Upstream: c463d1de1a0c2cd368a4809f0d9eda9792b79851]
- tests: Fix "ovn-controller - Chassis other_config".
[Upstream: cbd4f2fcd0223a96c739dd07eded753f8f9b2a30]
- tests: Fix "ofctrl wait before clearing flows".
[Upstream: 81486b62bcac0d081ca907533ae34d826605b485]
- tests: Fix flaky "ovn-controller-vtep - binding 1".
[Upstream: 48a08a447340b095e8472d40aaaac5156320b4c1]
- tests: Fix flaky "options:requested-chassis ...".
[Upstream: a088df5aa75a7207ccdd751d2167e1536113737f]
- tests: Fix typos in tests.
[Upstream: 0a5726652b202add51d1dc8b6557268673e6cc51]
- tests: Have tests fail when adding veth peer fails.
[Upstream: 609a943e33c734d368f2019e7d3b41e31bb31d6f]
- pinctrl: dns: Ignore additional records.
[Upstream: 511f5a214226be84ae3b9434ffcab973e37295eb]
- ovn-ic: Fix global blacklist filter for IPv6 addresses.
[Upstream: 27d23712260b9faba23018ce973010743e30ccf7]
- tests: Fix macro OVN_CHECK_PACKETS_CONTAIN.
[Upstream: 28b0eddff68c5a64b80071a9a27cb79e3fac792a]
- features.c: Always wait on the rconn.
[Upstream: c0c9e507470439c3220b99c361f71e0cff3406fc]
- ci: Bump CirrusCI Ubuntu image version
[Upstream: 41e7f01872dae61b9ffcc1d3871865313ff90619]
- Documentation: Fix broken links in ovn-sandbox.rst.
[Upstream: 99d22a176f45971516803129f08c7a37a50bc4a1]
- ovn-sb.xml: Remove IPv4-only restriction from Service Monitors.
[Upstream: 97fca0f846bf6839144fc04fed6f0873198b4f89]
- github: Update versions of action dependencies (Node.js 20).
[Upstream: 2981936b61e0e0694c16df979b986dd1cb60b147]
* Fri Feb 9 2024 Dumitru Ceara [dceara@redhat.com] - 23.09.0-112
- Sync to upstream OVN branch-23.09. Below are the commits since
last update (23.09.0-109)
- northd: Remove the protocol match from ECMP symmetric reply flows.
[Upstream: a36f2955be67a6581e81fb3ae27de825e0046b52]
- northd: Explicitly handle SNAT for ICMP need frag.
[Upstream: 6a4c412f43d5f1c076fac3784a4ffeb8a3861436]
- actions: Adjust the ct_commit_nat action.
[Upstream: 069842478601c0b01b0cc3117637e5a00344fcb6]
* Tue Jan 30 2024 Numan Siddique [numans@ovn.org] - 23.09.0-109
- Sync to upstream OVN branch-23.09. Below are the commits
since last update (23.09.0-106)
- ovs: Bump submodule to tip of OVS branch-3.2.
[Upstream: f224c6e5f69c099ddb008f99dba2e19a902a612f]
- actions: Use random port selection for SNAT with external_port_range.
[Upstream: 7ee483a45df19e11e26487e64a93940e0de64b9a]
- ovn-ic: Handle NB:name updates properly.
[Upstream: 0e684ec206e8979694912ad1037145ccd0d0b7dc]
* Mon Jan 29 2024 Dumitru Ceara [dceara@redhat.com] - 23.09.0-106
- Sync to upstream OVN branch-23.09. Below are the commits
since last update (23.09.0-100)
- northd: Make sure that affinity flows match on VIP.
[Upstream: 859e8d917408d50272c910f78ac44ab8a593aa13]
- Fix segfault due to ssl-ciphers.
[Upstream: d39e7c0068ecc719a3d6154e2078d6d9a3435fc9]
- ovn: Add tunnel PMTUD support. (#2241711)
[Upstream: 6d2f9d60760a793c15ca7423b24ff586b653fc76]
- controller: fixed potential segfault when changing tunnel_key and deleting ls.
[Upstream: 120075357a624293d52a1905c47a1bd249d2157c]
- northd: Use proper field for lookup_nd
[Upstream: 8e25c1c37aa3301f69bc89ee49ffaef5aa2f76fd]
- checkpatch.py: Port checkpatch related changes from the OVS repo.
[Upstream: bf334c65e1ead50013880049564d445919aee61f]
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 23.09.0-102
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 23.09.0-101
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2267840 - CVE-2024-2182 ovn: insufficient validation of BFD packets may lead to denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=2267840
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7c11edcd20' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: chromium-123.0.6312.58-1.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ec79868e3b
2024-03-22 01:15:00.283884
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 39
Version : 123.0.6312.58
Release : 1.fc39
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 123.0.6312.58
* High CVE-2024-2625: Object lifecycle issue in V8
* Medium CVE-2024-2626: Out of bounds read in Swiftshader
* Medium CVE-2024-2627: Use after free in Canvas
* Medium CVE-2024-2628: Inappropriate implementation in Downloads
* Medium CVE-2024-2629: Incorrect security UI in iOS
* Medium CVE-2024-2630: Inappropriate implementation in iOS
* Low CVE-2024-2631: Inappropriate implementation in iOS
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 20 2024 Than Ngo [than@redhat.com] - 123.0.6312.58-1
- update to 123.0.6312.58
* High CVE-2024-2625: Object lifecycle issue in V8
* Medium CVE-2024-2626: Out of bounds read in Swiftshader
* Medium CVE-2024-2627: Use after free in Canvas
* Medium CVE-2024-2628: Inappropriate implementation in Downloads
* Medium CVE-2024-2629: Incorrect security UI in iOS
* Medium CVE-2024-2630: Inappropriate implementation in iOS
* Low CVE-2024-2631: Inappropriate implementation in iOS
* Fri Mar 15 2024 Than Ngo [than@redhat.com] - 123.0.6312.46-1
- update to 123.0.6312.46
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2270389 - CVE-2024-2626 CVE-2024-2627 CVE-2024-2628 CVE-2024-2629 CVE-2024-2630 CVE-2024-2631 chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2270389
[ 2 ] Bug #2270393 - CVE-2024-2625 chromium: chromium-browser: Object lifecycle issue in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2270393
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ec79868e3b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: apptainer-1.3.0-1.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-453ee0b3b9
2024-03-22 01:15:00.283844
--------------------------------------------------------------------------------
Name : apptainer
Product : Fedora 39
Version : 1.3.0
Release : 1.fc39
URL : https://apptainer.org
Summary : Application and environment virtualization formerly known as Singularity
Description :
Apptainer provides functionality to make portable
containers that can be used across host environments.
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.3.0, and security fixes for CVE-2024-28176 and
CVE-2024-28180
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2024 Dave Dykstra [dwd@fnal.gov] - 1.3.0
- Update to upstream 1.3.0
* Thu Feb 15 2024 Dave Dykstra [dwd@fnal.gov] - 1.3.0~rc.2
- Update to upstream 1.3.0-rc.2
* Wed Jan 10 2024 Dave Dykstra [dwd@fnal.gov] - 1.3.0~rc.1
- Update to upstream 1.3.0-rc.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2268820 - CVE-2024-28176 jose: resource exhaustion
https://bugzilla.redhat.com/show_bug.cgi?id=2268820
[ 2 ] Bug #2268854 - CVE-2024-28180 jose-go: improper handling of highly compressed data
https://bugzilla.redhat.com/show_bug.cgi?id=2268854
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-453ee0b3b9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: ovn-23.09.0-139.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-082155d6b7
2024-03-22 01:15:00.283802
--------------------------------------------------------------------------------
Name : ovn
Product : Fedora 39
Version : 23.09.0
Release : 139.fc39
URL : http://www.openvswitch.org/
Summary : Open Virtual Network support
Description :
OVN, the Open Virtual Network, is a system to support virtual network
abstraction. OVN complements the existing capabilities of OVS to add
native support for virtual network abstractions, such as virtual L2 and L3
overlays and security groups.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2024-2182 ovn: insufficient validation of BFD packets may
lead to denial of service [fedora-all]
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2024 Numan Siddique [numans@ovn.org] - 23.09.0-139
- github: Reduce ASLR entropy to be compatible with asan in llvm 14.
[Upstream: 835b43811dfcf469da3123911240cc953b52bac3]
- Prepare for 23.09.4.
[Upstream: 5ce1740aaa02ebeed561ffb6298b71035b5c908a]
- Set release date for 23.09.3.
[Upstream: fbdc94d4309f28ad59e41025ff42945478dd12cc]
- controller: Set check_tnl_key for BFD on tunnel ifaces.
[Upstream: c966c35f1b1cd8c5351ccac3051843fbf765c2ae]
- tests: Skip EDNS test if the scapy version doesn't support it.
[Upstream: 7af89a5e50a4ba75a3ea5c393499f1e0fa0a6abb]
- northd: Don't skip the unSNAT stage for traffic towards VIPs.
[Upstream: 094b1217345a8ae5935fdd4dfec4949f46197377]
- Prepare for 23.09.3.
[Upstream: 7bd52d7a25f2ddad0be25a5e54a3eb63d98a19d8]
- Set release date for 23.09.2.
[Upstream: 04b23938302ad54f453f622a4b0c2fa5e27d3e41]
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2267840 - CVE-2024-2182 ovn: insufficient validation of BFD packets may lead to denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=2267840
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-082155d6b7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
