RHSA-2023:1765: Red Hat Security Advisory: openvswitch2.17 security update
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. For both the kernel and userspace datapaths, the result is a datapath flow that matches all IP protocols (nw_proto is wildcarded) but carries an incorrect action, possibly causing incorrect handling of other IP packets with a nonzero IP protocol that match this datapath flow.
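A simplified model of the failure mode described above, added here as an illustration; it is not Open vSwitch code and is not part of the advisory. The rule, the addresses, the class and function names, and the "corrected" branch are assumptions made for the example.

```python
# Simplified model of a flow cache; NOT Open vSwitch code. Names and the
# rule below are hypothetical, chosen to mirror the advisory's description.
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed intent: every IP packet between this pair gets its IP header
# rewritten and is then forwarded.
INTENDED = ("set_ipv4_dst=10.0.0.2", "output:2")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    nw_proto: int  # IP protocol number (6 = TCP, 17 = UDP)

@dataclass(frozen=True)
class DpFlow:
    src: str
    dst: str
    nw_proto: Optional[int]  # None means nw_proto is wildcarded
    actions: Tuple[str, ...]

    def matches(self, pkt: Packet) -> bool:
        return (self.src, self.dst) == (pkt.src, pkt.dst) and \
            self.nw_proto in (None, pkt.nw_proto)

def translate(pkt: Packet, buggy: bool) -> DpFlow:
    """Slow path: turn the first packet of a flow into a cached entry."""
    if buggy and pkt.nw_proto == 0:
        # Behaviour described in the advisory: the header-modifying action
        # is left out, yet the entry still wildcards nw_proto.
        return DpFlow(pkt.src, pkt.dst, None, INTENDED[1:])
    # Assumed corrected behaviour: actions do not depend on nw_proto.
    return DpFlow(pkt.src, pkt.dst, None, INTENDED)

def forward(packets, buggy: bool):
    """Return the actions applied to each packet, using a shared cache."""
    cache, applied = [], []
    for pkt in packets:
        flow = next((f for f in cache if f.matches(pkt)), None)
        if flow is None:
            flow = translate(pkt, buggy)
            cache.append(flow)
        applied.append(flow.actions)
    return applied

def mishandled(packets, buggy: bool):
    """Packets with a nonzero protocol that did not get the intended actions."""
    return [p for p, a in zip(packets, forward(packets, buggy))
            if p.nw_proto != 0 and a != INTENDED]

# Constructed traffic: one protocol-0 packet, then TCP and UDP on the same pair.
SAMPLE = [Packet("10.0.0.1", "10.0.0.9", n) for n in (0, 6, 17)]
```

In the buggy model the cached entry created by the protocol-0 packet is reused for the later TCP and UDP packets, so `mishandled(SAMPLE, True)` reports both; if the TCP packet arrives first, the entry carries the intended actions and nothing is reported.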
Issued: 2023-04-13
Updated: 2023-04-13
RHSA-2023:1765 - Security Advisory
Synopsis
Moderate: openvswitch2.17 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
- openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- [23.C RHEL-8] Fast Datapath Release (BZ#2177685)
- [CT] Inner header of ICMP related traffic does not get DNATed (BZ#2178200)
Affected Products
- Red Hat Enterprise Linux Fast Datapath 8 x86_64
- Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8 ppc64le
- Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8 s390x
- Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8 aarch64
Fixes
- BZ - 2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling
- BZ - 2177685 - [23.C RHEL-8] Fast Datapath Release
- BZ - 2178200 - [CT] Inner header of ICMP related traffic does not get DNATed
Red Hat Enterprise Linux Fast Datapath 8
SRPM
openvswitch2.17-2.17.0-88.el8fdp.src.rpm
SHA-256: 7784b5654ef8a1f8d2280ca72f746344673be329d95cc99fa9de2a21a383dffa
x86_64
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm
SHA-256: ec5d25ca9469b7d37a8f923e72c5973b8c38eb3a8ddcf5d357583dbb547fbfd4
openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm
SHA-256: ac2684bc1e99c09ea880c472a6e3c5935f98b9825cb4921cd1aedb03ccb26486
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.x86_64.rpm
SHA-256: 3b04e9157c4f31ed590218c6e2f846a6575ad0af0bba2f42fdc277922cd1d1d1
openvswitch2.17-debugsource-2.17.0-88.el8fdp.x86_64.rpm
SHA-256: a425f181a0e72f2640ae1e9841c6ad95e69a2cb431fe7b23ad2cbb71645ca1bd
openvswitch2.17-devel-2.17.0-88.el8fdp.x86_64.rpm
SHA-256: 9d4e761ece81f2f8d199d7d3e78624e105fb04d3920204bafd012f80ad6fff84
openvswitch2.17-ipsec-2.17.0-88.el8fdp.x86_64.rpm
SHA-256: 8be49a7ba99bf04f393a65b15af12109931ed183adc4107653cae76f891dcc53
openvswitch2.17-test-2.17.0-88.el8fdp.noarch.rpm
SHA-256: d9ecc7d9e8247660a27a275e9ea9d76b436573e4a5bace07a12b65cd6a35d2ec
python3-openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm
SHA-256: abc488d4910b1ad455607cb01647b240857e2d5f795f1f5422eec78ae61b8fa2
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.x86_64.rpm
SHA-256: 66c63f6eb2cba9c1cf3359602ff423f75496d75c4fb3629432ce6025cfb1e515
Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8
SRPM
openvswitch2.17-2.17.0-88.el8fdp.src.rpm
SHA-256: 7784b5654ef8a1f8d2280ca72f746344673be329d95cc99fa9de2a21a383dffa
ppc64le
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm
SHA-256: 2b0b34073d597f9036ef968b67f9ca696518be608f4c28eb7c52409cb8593d45
openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm
SHA-256: 84f121f1fd85ec0e79107f58d2193900c977f05fc1bf3d9e4bda9a192982318d
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.ppc64le.rpm
SHA-256: 89e60a79ab568d7e78abb05d62304ebe7c47940fc4f85da7a0c07464f2abdb7c
openvswitch2.17-debugsource-2.17.0-88.el8fdp.ppc64le.rpm
SHA-256: 8119c73b8d394438202925fa9d21783d4bd9d9f54982c669f6a398ecc0f5178e
openvswitch2.17-devel-2.17.0-88.el8fdp.ppc64le.rpm
SHA-256: 1627b75dc33ab61d7e05010cab0ea45abcddc7ffa5eb58738f32aa4bb71b9e87
openvswitch2.17-ipsec-2.17.0-88.el8fdp.ppc64le.rpm
SHA-256: 559da05b91c9832e2c168a09de27289c7daea0fe596703deda1cfa3a2276a5e7
openvswitch2.17-test-2.17.0-88.el8fdp.noarch.rpm
SHA-256: d9ecc7d9e8247660a27a275e9ea9d76b436573e4a5bace07a12b65cd6a35d2ec
python3-openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm
SHA-256: 21544da4f604396bb429f2f309d1640cb4a46e186d4c354ed25388e068f37103
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.ppc64le.rpm
SHA-256: 4383c853a3c9b720ce40d96d0ff42de6ae99d0d9bc6562e9dbd18fa76dbb85d3
Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8
SRPM
openvswitch2.17-2.17.0-88.el8fdp.src.rpm
SHA-256: 7784b5654ef8a1f8d2280ca72f746344673be329d95cc99fa9de2a21a383dffa
s390x
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm
SHA-256: fcbe557e0313477ccedfb76d43682dad0b1cc13b266d213ade863546ad6f2d7c
openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm
SHA-256: 07dd2c2ee1d95f765af84c463eb20976cb57346c2b53c2a8b15e7f4db7fc12ed
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.s390x.rpm
SHA-256: 9a9b5b3c0c8b7990f646b021cd59d67ceb4ab269d2ec65e95a51b9bbd1f7ca3e
openvswitch2.17-debugsource-2.17.0-88.el8fdp.s390x.rpm
SHA-256: fcc2e8446b63d763dda753de0ab2515c6d915e6da72b8de14369f05f57a58232
openvswitch2.17-devel-2.17.0-88.el8fdp.s390x.rpm
SHA-256: 2d11123d3a6b91a49e5016a1d406e09e6e5a09db1a0ab70188851dff1eb9d4ba
openvswitch2.17-ipsec-2.17.0-88.el8fdp.s390x.rpm
SHA-256: 18887c2324b35de7d67cc99f9189796747f2781b62644903d6ff26afd911c55b
openvswitch2.17-test-2.17.0-88.el8fdp.noarch.rpm
SHA-256: d9ecc7d9e8247660a27a275e9ea9d76b436573e4a5bace07a12b65cd6a35d2ec
python3-openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm
SHA-256: 34a61abfaa3658be787a4956f37e2645bbd53a058ea40d712e02a87bfe4d5935
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.s390x.rpm
SHA-256: 46fe4fedc562baccefd2e59e5e47458158d58380bef4962093eadb33db7b2a08
Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8
SRPM
openvswitch2.17-2.17.0-88.el8fdp.src.rpm
SHA-256: 7784b5654ef8a1f8d2280ca72f746344673be329d95cc99fa9de2a21a383dffa
aarch64
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm
SHA-256: 614cba6233ee9acfa7847af86caa989d2960eca9f420e437efa9b64f60465350
openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm
SHA-256: 87001dff2ca4893b11d6a3f02ea58f4c25fc820f7c35da288ca8f04c8e60fa17
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.aarch64.rpm
SHA-256: b1fae1e5e22b91e2b0823bf66b2d675b14ea2db1389e0f3e9120f9209fcf18c6
openvswitch2.17-debugsource-2.17.0-88.el8fdp.aarch64.rpm
SHA-256: d9818cc5b4151794fc19a409bd45509d041a08897f7b897bc291fabb67e79a08
openvswitch2.17-devel-2.17.0-88.el8fdp.aarch64.rpm
SHA-256: 1a5da110bd08c567eae3ee1ff700a49e1e247e6fda714437ac5c384314b1677f
openvswitch2.17-ipsec-2.17.0-88.el8fdp.aarch64.rpm
SHA-256: 5676741183c02ddc9c7bc05c33bed41ea44cfd755f9df2951380b56318cf568a
openvswitch2.17-test-2.17.0-88.el8fdp.noarch.rpm
SHA-256: d9ecc7d9e8247660a27a275e9ea9d76b436573e4a5bace07a12b65cd6a35d2ec
python3-openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm
SHA-256: ba73e5fc5a6d2f44396fb5be6de395bce357a2448320e63bcaedbd0967e60995
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.aarch64.rpm
SHA-256: d9db8a1509c3be8719d5b6aae029146b46de347b9c75703ece60044fffa72de9
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.
Red Hat Security Advisory 2023-3491-01 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
Ubuntu Security Notice 6068-1 - David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Debian Linux Security Advisory 5387-1 - David Marchand discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.
Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...