RHSA-2023:0687: Red Hat Security Advisory: openvswitch2.15 security, bug fix and enhancement update
An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-4337: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service.
- CVE-2022-4338: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow.
Issued:
2023-02-09
Updated:
2023-02-09
RHSA-2023:0687 - Security Advisory
Synopsis
Moderate: openvswitch2.15 security, bug fix and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
- openvswitch: Out-of-Bounds Read in Organization Specific TLV (CVE-2022-4337)
- openvswitch: Integer Underflow in Organization Specific TLV (CVE-2022-4338)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Fast Datapath 8 x86_64
- Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8 ppc64le
- Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8 s390x
- Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8 aarch64
Fixes
- BZ - 2060552 - Userspace datapath drops the encapsulated packet with inner vlan if sent to the access port
- BZ - 2155378 - CVE-2022-4337 openvswitch: Out-of-Bounds Read in Organization Specific TLV
- BZ - 2155381 - CVE-2022-4338 openvswitch: Integer Underflow in Organization Specific TLV
- BZ - 2162030 - [23.A RHEL-8] Fast Datapath Release
References
- https://access.redhat.com/security/updates/classification/#moderate
Red Hat Enterprise Linux Fast Datapath 8
SRPM
openvswitch2.15-2.15.0-133.el8fdp.src.rpm
x86_64
network-scripts-openvswitch2.15-2.15.0-133.el8fdp.x86_64.rpm
openvswitch2.15-2.15.0-133.el8fdp.x86_64.rpm
openvswitch2.15-debuginfo-2.15.0-133.el8fdp.x86_64.rpm
openvswitch2.15-debugsource-2.15.0-133.el8fdp.x86_64.rpm
openvswitch2.15-devel-2.15.0-133.el8fdp.x86_64.rpm
openvswitch2.15-ipsec-2.15.0-133.el8fdp.x86_64.rpm
openvswitch2.15-test-2.15.0-133.el8fdp.noarch.rpm
python3-openvswitch2.15-2.15.0-133.el8fdp.x86_64.rpm
python3-openvswitch2.15-debuginfo-2.15.0-133.el8fdp.x86_64.rpm
Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8
SRPM
openvswitch2.15-2.15.0-133.el8fdp.src.rpm
ppc64le
network-scripts-openvswitch2.15-2.15.0-133.el8fdp.ppc64le.rpm
openvswitch2.15-2.15.0-133.el8fdp.ppc64le.rpm
openvswitch2.15-debuginfo-2.15.0-133.el8fdp.ppc64le.rpm
openvswitch2.15-debugsource-2.15.0-133.el8fdp.ppc64le.rpm
openvswitch2.15-devel-2.15.0-133.el8fdp.ppc64le.rpm
openvswitch2.15-ipsec-2.15.0-133.el8fdp.ppc64le.rpm
openvswitch2.15-test-2.15.0-133.el8fdp.noarch.rpm
python3-openvswitch2.15-2.15.0-133.el8fdp.ppc64le.rpm
python3-openvswitch2.15-debuginfo-2.15.0-133.el8fdp.ppc64le.rpm
Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8
SRPM
openvswitch2.15-2.15.0-133.el8fdp.src.rpm
s390x
network-scripts-openvswitch2.15-2.15.0-133.el8fdp.s390x.rpm
openvswitch2.15-2.15.0-133.el8fdp.s390x.rpm
openvswitch2.15-debuginfo-2.15.0-133.el8fdp.s390x.rpm
openvswitch2.15-debugsource-2.15.0-133.el8fdp.s390x.rpm
openvswitch2.15-devel-2.15.0-133.el8fdp.s390x.rpm
openvswitch2.15-ipsec-2.15.0-133.el8fdp.s390x.rpm
openvswitch2.15-test-2.15.0-133.el8fdp.noarch.rpm
python3-openvswitch2.15-2.15.0-133.el8fdp.s390x.rpm
python3-openvswitch2.15-debuginfo-2.15.0-133.el8fdp.s390x.rpm
Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8
SRPM
openvswitch2.15-2.15.0-133.el8fdp.src.rpm
aarch64
network-scripts-openvswitch2.15-2.15.0-133.el8fdp.aarch64.rpm
openvswitch2.15-2.15.0-133.el8fdp.aarch64.rpm
openvswitch2.15-debuginfo-2.15.0-133.el8fdp.aarch64.rpm
openvswitch2.15-debugsource-2.15.0-133.el8fdp.aarch64.rpm
openvswitch2.15-devel-2.15.0-133.el8fdp.aarch64.rpm
openvswitch2.15-ipsec-2.15.0-133.el8fdp.aarch64.rpm
openvswitch2.15-test-2.15.0-133.el8fdp.noarch.rpm
python3-openvswitch2.15-2.15.0-133.el8fdp.aarch64.rpm
python3-openvswitch2.15-debuginfo-2.15.0-133.el8fdp.aarch64.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.