Headline
Red Hat Security Advisory 2023-1766-01
Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openvswitch3.1 security update
Advisory ID: RHSA-2023:1766-01
Product: Fast Datapath
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1766
Issue date: 2023-04-13
CVE Names: CVE-2023-1668
====================================================================
- Summary:
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat
Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
- Relevant releases/architectures:
Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
- openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
- [23.C RHEL-8] Fast Datapath Release (BZ#2177687)
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
Users of openvswitch3.1 are advised to upgrade to these updated packages,
which fixes these bugs.
- Bugs fixed (https://bugzilla.redhat.com/):
2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling
2177687 - [23.C RHEL-8] Fast Datapath Release
- Package List:
Fast Datapath for Red Hat Enterprise Linux 8:
Source:
openvswitch3.1-3.1.0-17.el8fdp.src.rpm
aarch64:
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm
openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.aarch64.rpm
openvswitch3.1-debugsource-3.1.0-17.el8fdp.aarch64.rpm
openvswitch3.1-devel-3.1.0-17.el8fdp.aarch64.rpm
openvswitch3.1-ipsec-3.1.0-17.el8fdp.aarch64.rpm
python3-openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.aarch64.rpm
noarch:
openvswitch3.1-test-3.1.0-17.el8fdp.noarch.rpm
ppc64le:
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm
openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.ppc64le.rpm
openvswitch3.1-debugsource-3.1.0-17.el8fdp.ppc64le.rpm
openvswitch3.1-devel-3.1.0-17.el8fdp.ppc64le.rpm
openvswitch3.1-ipsec-3.1.0-17.el8fdp.ppc64le.rpm
python3-openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.ppc64le.rpm
s390x:
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm
openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.s390x.rpm
openvswitch3.1-debugsource-3.1.0-17.el8fdp.s390x.rpm
openvswitch3.1-devel-3.1.0-17.el8fdp.s390x.rpm
openvswitch3.1-ipsec-3.1.0-17.el8fdp.s390x.rpm
python3-openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.s390x.rpm
x86_64:
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm
openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.x86_64.rpm
openvswitch3.1-debugsource-3.1.0-17.el8fdp.x86_64.rpm
openvswitch3.1-devel-3.1.0-17.el8fdp.x86_64.rpm
openvswitch3.1-ipsec-3.1.0-17.el8fdp.x86_64.rpm
python3-openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2023-1668
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBZDfaINzjgjWX9erEAQgq0Q//bKc0CM9R2JeB8Czrus6oTHhXpBt+ykbW
ynNuGnQFwrIK2ToqHAvCXfbavCbP+ENebsxzCfKBzE0kL2KrTq5v/cgcETyWsc2O
VJ+LxTeYOjuKXObO+aAQujcEpU89FiwXPcdyBr0ayuLof+tLuem78VQoPyDnMBmF
zB9RIIOjznXOFPhwej8DokAziEVtjgKwWuh1/V4nYquIAFyP7hm4IQ26OkVLxhZG
LNCXmHYFxwgqXBn9vEmTNuAjRZFHkyIHHH6ShZHwz//tK4EbwW5v+IvQpCa6rkHT
beZh2ivr7t07J27xheD7AZPmat1dlOBmSo3yy67W9hC2t1YGp0ryaTyq1SZt2+h0
a8+CF8870BjZidp6tLsRc5EMz+/WSoRatYn92WOfKnAyrMfSXgZvqpq94nv+oYJw
uLA3FMc2mae7JDWVkl/K1TT8r2b9aUQk8qL0w1onAQComtOFbNzOvWfwQMp2PMZ9
l13TQpJGEhu5NiXKUeQZvT+XLyuZ80DsyyPES080CQ3IdJ0uCcMpQDb346PJUfG6
/kSMi0LiPRArFgQXWfL4EWNKPnEBeLJQmaFO7grNPAi8k4cuuiHbx2NTByAdQKFg
ayKoM1ntNB6KGBVQnhScsELj6lFZp/RiBWpocpj1nHVxlIdwmbIqU8UIDK26QvrJ
xi7Xxtsl0ZQ=aTXK
-----END PGP SIGNATURE-----
–
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Related news
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or poten...
Ubuntu Security Notice 6068-1 - David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...
An update for openvswitch2.13 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...
Debian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.
Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.