Headline
Red Hat Security Advisory 2023-1769-01
Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openvswitch2.17 security update
Advisory ID: RHSA-2023:1769-01
Product: Fast Datapath
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1769
Issue date: 2023-04-13
CVE Names: CVE-2023-1668
====================================================================
- Summary:
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat
Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
- Relevant releases/architectures:
Fast Datapath for Red Hat Enterprise Linux 9 - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
- openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
[23.C RHEL-9] Fast Datapath Release (BZ#2177686)
[CT] Inner header of ICMP related traffic does not get DNATed
(BZ#2178203)
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling
2177686 - [23.C RHEL-9] Fast Datapath Release
2178203 - [CT] Inner header of ICMP related traffic does not get DNATed
- Package List:
Fast Datapath for Red Hat Enterprise Linux 9:
Source:
openvswitch2.17-2.17.0-77.el9fdp.src.rpm
aarch64:
openvswitch2.17-2.17.0-77.el9fdp.aarch64.rpm
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.aarch64.rpm
openvswitch2.17-debugsource-2.17.0-77.el9fdp.aarch64.rpm
openvswitch2.17-devel-2.17.0-77.el9fdp.aarch64.rpm
openvswitch2.17-ipsec-2.17.0-77.el9fdp.aarch64.rpm
python3-openvswitch2.17-2.17.0-77.el9fdp.aarch64.rpm
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.aarch64.rpm
noarch:
openvswitch2.17-test-2.17.0-77.el9fdp.noarch.rpm
ppc64le:
openvswitch2.17-2.17.0-77.el9fdp.ppc64le.rpm
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.ppc64le.rpm
openvswitch2.17-debugsource-2.17.0-77.el9fdp.ppc64le.rpm
openvswitch2.17-devel-2.17.0-77.el9fdp.ppc64le.rpm
openvswitch2.17-ipsec-2.17.0-77.el9fdp.ppc64le.rpm
python3-openvswitch2.17-2.17.0-77.el9fdp.ppc64le.rpm
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.ppc64le.rpm
s390x:
openvswitch2.17-2.17.0-77.el9fdp.s390x.rpm
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.s390x.rpm
openvswitch2.17-debugsource-2.17.0-77.el9fdp.s390x.rpm
openvswitch2.17-devel-2.17.0-77.el9fdp.s390x.rpm
openvswitch2.17-ipsec-2.17.0-77.el9fdp.s390x.rpm
python3-openvswitch2.17-2.17.0-77.el9fdp.s390x.rpm
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.s390x.rpm
x86_64:
openvswitch2.17-2.17.0-77.el9fdp.x86_64.rpm
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.x86_64.rpm
openvswitch2.17-debugsource-2.17.0-77.el9fdp.x86_64.rpm
openvswitch2.17-devel-2.17.0-77.el9fdp.x86_64.rpm
openvswitch2.17-ipsec-2.17.0-77.el9fdp.x86_64.rpm
python3-openvswitch2.17-2.17.0-77.el9fdp.x86_64.rpm
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2023-1668
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBZDfaINzjgjWX9erEAQgdjQ//RB88e003zD0P5VKlgcd8xQcxdHy8WkKp
BksrNOZnjGEeUw3qyqjQaADC8SlmvEWCg7Vh3wxZvAE30nOQOHLZ3iZufvxHAxi3
0MSyKGolC2W7jCtgEA3TMVu3yx/Pb5sh02iRh32Bp4q7B76blUt+MqR/6APyAHFP
EOxCrGL4Uif1rC96U1tlexErOmHRdE/hSso/mw5NtP6E5kt27qiNJEsQC4ep3Csi
61e6+T/dgH/cHso3t5JNX9zdijrSqJmXfc9G3gGxlfkYgUJo7su04Rpx757ufGi2
sMKR6cEJJKB7kfyhGFys8txsJhsXG5sAMuLDowHEPn/TBtRq734EFIL+A3ksMUTR
RmBDUqgycibn3uHkG3MOG9/JhJbCp6xA2B8I74ygWezjvbnLqILHvOzWO8PgXypV
wIwlGBdtcICL2ORDelPznaCf/SltjFrOg0cOxo1IPIMakHYRsEuocyEnzpRH7IVl
05x1i964/ur4B6j5m6qVJa9aX3eADHl2Tzkc9ykeYJ/Wv/W+LNksOTuxwRknGxn5
MmMrMO87eF7uxALARIlo6UjggmT38A39cy/rdrlmT0BUHafLGe8sz7vwhklRwoAw
GoEsPaDmN4hotvh94Unf89SwSXKKp1S8XG1+DIl091Rg1nkcSudBoC3k4PmYRSY+
7qP7ZWcYyvk=xchJ
-----END PGP SIGNATURE-----
–
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Related news
Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.
Red Hat Security Advisory 2023-3491-01 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or poten...
Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...
An update for openvswitch2.13 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...
Debian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.
Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.