Description of the patch:
This update for openvswitch fixes the following issues
- CVE-2026-5265: heap over-read in ICMP error response generation (bsc#1262498).
- CVE-2026-5367: heap over-read in OVN DHCPv6 client ID processing (bsc#1262499).
- CVE-2026-34956: Invalid memory access in conntrack FTP alg (bsc#1261273).
Changes for openvswitch:
- Update ovn to 25.03.3
- Bug fixes
- Add support for special port_security prefix "VRRPv3". This prefix allows
CMS to allow all required traffic for a VRRPv3 virtual router behind LSP.
See ovn-nb(5) man page for more details.
- Fixed support for fragmented traffic in the userspace datapath. Added the
"acl_ct_translation" NB_Global option to enable connection tracking
based L4 field translation for stateful ACLs. When enabled allows proper
handling of IP fragmentation in userspace datapaths. This option may break
hardware offloading and is disabled by default.
- Added disable_garp_rarp option to logical_router table in order to disable
GARP/RARP announcements by all the peer ports of this logical router.
- Update openvswitch to 3.5.4
- Full changelog https://www.openvswitch.org/releases/NEWS-3.5.4.txt
- OVS validated with DPDK 24.11.4.
- Fixed buffer overflow during conntrack processing of alg=ftp in
userspace datapath (CVE-2026-34956) (bsc#1261273).
- Update openvswitch to 3.5.3
- Full changelog https://www.openvswitch.org/releases/NEWS-3.5.3.txt
- Bug fixes