Headline
Debian Security Advisory 5640-1
Debian Linux Security Advisory 5640-1 - Two vulnerabilities were discovered in Open vSwitch, a software-based Ethernet virtual switch, which could result in a bypass of OpenFlow rules or denial of service.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5640-1 [email protected]://www.debian.org/security/ Moritz MuehlenhoffMarch 14, 2024 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : openvswitchCVE ID : CVE-2023-3966 CVE-2023-5366 Debian Bug : 1063492Two vulnerabilities were discovered in Open vSwitch, a software-basedEthernet virtual switch, which could result in a bypass of OpenFlowrules or denial of service.For the oldstable distribution (bullseye), these problems have been fixedin version 2.15.0+ds1-2+deb11u5. This update also adresses a memory leaktracked as CVE-2024-22563.For the stable distribution (bookworm), these problems have been fixed inversion 3.1.0-2+deb12u1.We recommend that you upgrade your openvswitch packages.For the detailed security status of openvswitch please refer toits security tracker page at:https://security-tracker.debian.org/tracker/openvswitchFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXy+NgACgkQEMKTtsN8TjasEQ//V4q2/qeHlZk+Sr/73jLvDOA7u6O+FxGGi+LHBiYIoUlD+E2jEq/pAzaK/hlpHCKO1g5bkf7/TcA9TaMyxo498LmT6/TX6SNB+lxOcJQlS8KyT/JtNQt31nk4LND1IU/WFliMdNQoqwYgZVp6innCmb2hTYcxTKeGeQndnaTRIGo/FShxgCBZHwOJKB39eg0hQCDgx1DzfkA0e9u/I7Vq4MKEitV5u1H+Uf9embZaUsfwJCSaeshuxmp4U20r2V9hxXVYrhAeFWYGiDEY+Di4O9fDOVLw2An19ncQjDquLfRYqdys8AMxzi3+Vm0VasMAmZlEhdjcSjtotMI3tjgLcWGOz8BGdBUTAKK0FMtzPHLMhjfJ/cpC6jxZ19ZJcD3OUDIA6nf4CZjW4BOCImukqm9EUJtcQFZAGONdkelNYiz6V5R6IpbAVtLPVkx5yyWWEPXau6eZKhKO0aMcBiAGUYs2LI0rmrmPBdTtQcZJmTx7U+jZiPO6Dx0YP5DMwY23Z8GWPZeDX/2C8HBPqAMKfsWzIOEcXJ0HlAnVyJnC7XGBb+q4W+RFDWhcXYbi40SyyHrDqYBg/ne7WxEnmzfMk3F9cqRCn+owV2lbYxYRKIDZngyg2JK3sdjMUfnFE+5D8QRvxQQMYM9H8q3iBzR1KVEi6cpUUoTZCz6qI5rcH6E==ZEHS-----END PGP SIGNATURE-----Related news
Ubuntu Security Notice 6690-1 - Timothy Redaelli and Haresh Khandelwal discovered that Open vSwitch incorrectly handled certain crafted Geneve packets when hardware offloading via the netlink path is enabled. A remote attacker could possibly use this issue to cause Open vSwitch to crash, leading to a denial of service. It was discovered that Open vSwitch incorrectly handled certain ICMPv6 Neighbor Advertisement packets. A remote attacker could possibly use this issue to redirect traffic to arbitrary IP addresses.
Ubuntu Security Notice 6690-1 - Timothy Redaelli and Haresh Khandelwal discovered that Open vSwitch incorrectly handled certain crafted Geneve packets when hardware offloading via the netlink path is enabled. A remote attacker could possibly use this issue to cause Open vSwitch to crash, leading to a denial of service. It was discovered that Open vSwitch incorrectly handled certain ICMPv6 Neighbor Advertisement packets. A remote attacker could possibly use this issue to redirect traffic to arbitrary IP addresses.
Red Hat Security Advisory 2024-1235-03 - An update for openvswitch3.1 is now available for Fast Datapath for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-1234-03 - An update for openvswitch2.17 is now available for Fast Datapath for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-1227-03 - An update for openvswitch3.1 is now available for Fast Datapath for Red Hat Enterprise Linux 9.
Ubuntu Security Notice 6514-1 - It was discovered that Open vSwitch did not correctly handle OpenFlow rules for ICMPv6 Neighbour Advertisement packets. A local attacker could possibly use this issue to redirect traffic to arbitrary IP addresses.
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.