Headline
Red Hat Security Advisory 2023-1770-01
Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openvswitch3.1 security update
Advisory ID: RHSA-2023:1770-01
Product: Fast Datapath
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1770
Issue date: 2023-04-13
CVE Names: CVE-2023-1668
====================================================================
- Summary:
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat
Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
- Relevant releases/architectures:
Fast Datapath for Red Hat Enterprise Linux 9 - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
- openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
- [23.C RHEL-9] Fast Datapath Release (BZ#2177688)
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling
2177688 - [23.C RHEL-9] Fast Datapath Release
- Package List:
Fast Datapath for Red Hat Enterprise Linux 9:
Source:
openvswitch3.1-3.1.0-14.el9fdp.src.rpm
aarch64:
openvswitch3.1-3.1.0-14.el9fdp.aarch64.rpm
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.aarch64.rpm
openvswitch3.1-debugsource-3.1.0-14.el9fdp.aarch64.rpm
openvswitch3.1-devel-3.1.0-14.el9fdp.aarch64.rpm
openvswitch3.1-ipsec-3.1.0-14.el9fdp.aarch64.rpm
python3-openvswitch3.1-3.1.0-14.el9fdp.aarch64.rpm
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.aarch64.rpm
noarch:
openvswitch3.1-test-3.1.0-14.el9fdp.noarch.rpm
ppc64le:
openvswitch3.1-3.1.0-14.el9fdp.ppc64le.rpm
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.ppc64le.rpm
openvswitch3.1-debugsource-3.1.0-14.el9fdp.ppc64le.rpm
openvswitch3.1-devel-3.1.0-14.el9fdp.ppc64le.rpm
openvswitch3.1-ipsec-3.1.0-14.el9fdp.ppc64le.rpm
python3-openvswitch3.1-3.1.0-14.el9fdp.ppc64le.rpm
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.ppc64le.rpm
s390x:
openvswitch3.1-3.1.0-14.el9fdp.s390x.rpm
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.s390x.rpm
openvswitch3.1-debugsource-3.1.0-14.el9fdp.s390x.rpm
openvswitch3.1-devel-3.1.0-14.el9fdp.s390x.rpm
openvswitch3.1-ipsec-3.1.0-14.el9fdp.s390x.rpm
python3-openvswitch3.1-3.1.0-14.el9fdp.s390x.rpm
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.s390x.rpm
x86_64:
openvswitch3.1-3.1.0-14.el9fdp.x86_64.rpm
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.x86_64.rpm
openvswitch3.1-debugsource-3.1.0-14.el9fdp.x86_64.rpm
openvswitch3.1-devel-3.1.0-14.el9fdp.x86_64.rpm
openvswitch3.1-ipsec-3.1.0-14.el9fdp.x86_64.rpm
python3-openvswitch3.1-3.1.0-14.el9fdp.x86_64.rpm
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2023-1668
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBZDfaLtzjgjWX9erEAQgWtw//Q8Uf6a/o/eN5OJxyMupZANRTuKoPOXeu
vUuwVU6oVNklao0FCs3BkMUfoGagZfHqJiVtaJBp48hpHWprZ6CJ6Prc18k/KIkY
hhN/z42p1fLC+J4JzMuA3cODHVc0JkXuRT1wMfGYfKq4RLPaW6jADVSIGzTIZhc9
YtppXWcpp5cEgvoF9/NtZspKggFUWuXj4BymJ7fzmxGpDkHkaMMdMX+9+qTevpyP
Kj0G9YfdmmUGWAaZ3Fm5/vh8otoeTDOU83YgTl+kQrflPg/PJVuTAiJ3cjA+Sl1U
yZDyUxNwgSwvJ4PJKMif6SrNsvv1PQpxK9UE9Q8JWVlXVwvPw5aHpj9bhk5Kmv3n
t/x37zdKWPbldBeuQlNpXTNAZ1YFGd5PSzseR8fJXoyinhcT+ATC4mAyWhoq5+B5
J7NLCxJDXfO8pzBbnv5whaDS3fztXbFpKQC5wC26x/az4Fci2+y2EX9TTxYTyA2P
JZ0zp4wZpHHk78xoSPOMGuvURwl9NYGPQvLtztg6sOFx/XDwC3fws+SGTkeUJjfw
xiAdisM4JAujDR0jiMRBe+WkElVF1uaT1KolLQPxu9kxcNuLJ/Qr62kBjsPfgkF0
feZT3Uui2ZZhuX/F/z74OkKS+ke9dIeN75d6KpYiMfaJdYpRC2rmU6f1aQBfcVik
dd1tBu49mHM=xop/
-----END PGP SIGNATURE-----
–
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Related news
Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.
Red Hat Security Advisory 2023-3491-01 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or poten...
Ubuntu Security Notice 6068-1 - David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...
An update for openvswitch2.13 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...
Debian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.
Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.