Headline
Red Hat Security Advisory 2023-1823-01
Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openvswitch2.13 security update
Advisory ID: RHSA-2023:1823-01
Product: Fast Datapath
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1823
Issue date: 2023-04-18
CVE Names: CVE-2023-1668
=====================================================================
- Summary:
An update for openvswitch2.13 is now available for Fast Datapath for Red
Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
- Relevant releases/architectures:
Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
- openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
- [23.C RHEL-8] Fast Datapath Release (BZ#2184495)
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling
2184495 - [23.C RHEL-8] Fast Datapath Release
- Package List:
Fast Datapath for Red Hat Enterprise Linux 8:
Source:
openvswitch2.13-2.13.0-214.el8fdp.src.rpm
aarch64:
network-scripts-openvswitch2.13-2.13.0-214.el8fdp.aarch64.rpm
openvswitch2.13-2.13.0-214.el8fdp.aarch64.rpm
openvswitch2.13-debuginfo-2.13.0-214.el8fdp.aarch64.rpm
openvswitch2.13-debugsource-2.13.0-214.el8fdp.aarch64.rpm
openvswitch2.13-devel-2.13.0-214.el8fdp.aarch64.rpm
openvswitch2.13-ipsec-2.13.0-214.el8fdp.aarch64.rpm
python3-openvswitch2.13-2.13.0-214.el8fdp.aarch64.rpm
python3-openvswitch2.13-debuginfo-2.13.0-214.el8fdp.aarch64.rpm
noarch:
openvswitch2.13-test-2.13.0-214.el8fdp.noarch.rpm
ppc64le:
network-scripts-openvswitch2.13-2.13.0-214.el8fdp.ppc64le.rpm
openvswitch2.13-2.13.0-214.el8fdp.ppc64le.rpm
openvswitch2.13-debuginfo-2.13.0-214.el8fdp.ppc64le.rpm
openvswitch2.13-debugsource-2.13.0-214.el8fdp.ppc64le.rpm
openvswitch2.13-devel-2.13.0-214.el8fdp.ppc64le.rpm
openvswitch2.13-ipsec-2.13.0-214.el8fdp.ppc64le.rpm
python3-openvswitch2.13-2.13.0-214.el8fdp.ppc64le.rpm
python3-openvswitch2.13-debuginfo-2.13.0-214.el8fdp.ppc64le.rpm
s390x:
network-scripts-openvswitch2.13-2.13.0-214.el8fdp.s390x.rpm
openvswitch2.13-2.13.0-214.el8fdp.s390x.rpm
openvswitch2.13-debuginfo-2.13.0-214.el8fdp.s390x.rpm
openvswitch2.13-debugsource-2.13.0-214.el8fdp.s390x.rpm
openvswitch2.13-devel-2.13.0-214.el8fdp.s390x.rpm
openvswitch2.13-ipsec-2.13.0-214.el8fdp.s390x.rpm
python3-openvswitch2.13-2.13.0-214.el8fdp.s390x.rpm
python3-openvswitch2.13-debuginfo-2.13.0-214.el8fdp.s390x.rpm
x86_64:
network-scripts-openvswitch2.13-2.13.0-214.el8fdp.x86_64.rpm
openvswitch2.13-2.13.0-214.el8fdp.x86_64.rpm
openvswitch2.13-debuginfo-2.13.0-214.el8fdp.x86_64.rpm
openvswitch2.13-debugsource-2.13.0-214.el8fdp.x86_64.rpm
openvswitch2.13-devel-2.13.0-214.el8fdp.x86_64.rpm
openvswitch2.13-ipsec-2.13.0-214.el8fdp.x86_64.rpm
python3-openvswitch2.13-2.13.0-214.el8fdp.x86_64.rpm
python3-openvswitch2.13-debuginfo-2.13.0-214.el8fdp.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2023-1668
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBZD7GLtzjgjWX9erEAQgwsg/9FM6NZrAI8FDFFH4N1p57Sd4Ul56xok0m
/VZ/YyAnINPnYcZCKAYpgBhilHyRgPzd2rqBxGx7eovYxcaD8a/YYEUvHjBsh7Zv
z+26A8AGhwqJS+tFpUmVENre4pgOqoD8TMMP/39qYKSy3QFQZakGBpabPDdI65u+
uxPifmP/Pep5qLqxafwFAijiRpw7WgSFluXc8/OmrQEMAvAEvogW6blNkGv5KA+K
B2XZCCRuuf1wyfUepNRIBJAXvzduUQ8hkuu8VbQtl37RsTtO/wAFmYIDpjH/RSvp
V2NUfkDtbSg1Hg3x2CHr7FlDbxtECAe56yaECNipJTnqMaMOHhBGYU81wF7JCqT7
jQ6KA84jOj7bZnl2td9LguT/TqupA8qcOcMQnA63kau+rwWbywDhr3OD5baEqCL7
Yw2J6TH345GwASD2cfvMV+EIT9eXKeDzLl6pFbW6xgSmv84N4NZH2WFu5XRV5tNM
htx4aa7YZ8Zeq+cX15/hNwbsaITxX2qOro8D3gveZfl3f7fdisrNRBW+CztmJmJQ
fkNGz1jWqkN7/W/Tg9r/BpKYCTASO3Hz/rAfp7+Avmjaz7MxOELaXgNTLphxMCBK
s6jtlfTosn+26Nmc0ftoZm7NbyB0OMCvihZu11dKGvdU7JukAYqqDUcBpT0sdgA5
2TUrqCBxF+c=
=r8Rc
-----END PGP SIGNATURE-----
–
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Related news
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or poten...
Ubuntu Security Notice 6068-1 - David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service.
An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...
An update for openvswitch2.13 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...
Debian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.
Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.