Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:1765: Red Hat Security Advisory: openvswitch2.17 security update

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#ibm

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2023-04-13

Updated:

2023-04-13

RHSA-2023:1765 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: openvswitch2.17 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

  • openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • [23.C RHEL-8] Fast Datapath Release (BZ#2177685)
  • [CT] Inner header of ICMP related traffic does not get DNATed (BZ#2178200)

Affected Products

  • Red Hat Enterprise Linux Fast Datapath 8 x86_64
  • Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8 ppc64le
  • Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8 s390x
  • Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8 aarch64

Fixes

  • BZ - 2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling
  • BZ - 2177685 - [23.C RHEL-8] Fast Datapath Release
  • BZ - 2178200 - [CT] Inner header of ICMP related traffic does not get DNATed

Red Hat Enterprise Linux Fast Datapath 8

SRPM

openvswitch2.17-2.17.0-88.el8fdp.src.rpm

SHA-256: 7784b5654ef8a1f8d2280ca72f746344673be329d95cc99fa9de2a21a383dffa

x86_64

network-scripts-openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm

SHA-256: ec5d25ca9469b7d37a8f923e72c5973b8c38eb3a8ddcf5d357583dbb547fbfd4

openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm

SHA-256: ac2684bc1e99c09ea880c472a6e3c5935f98b9825cb4921cd1aedb03ccb26486

openvswitch2.17-debuginfo-2.17.0-88.el8fdp.x86_64.rpm

SHA-256: 3b04e9157c4f31ed590218c6e2f846a6575ad0af0bba2f42fdc277922cd1d1d1

openvswitch2.17-debugsource-2.17.0-88.el8fdp.x86_64.rpm

SHA-256: a425f181a0e72f2640ae1e9841c6ad95e69a2cb431fe7b23ad2cbb71645ca1bd

openvswitch2.17-devel-2.17.0-88.el8fdp.x86_64.rpm

SHA-256: 9d4e761ece81f2f8d199d7d3e78624e105fb04d3920204bafd012f80ad6fff84

openvswitch2.17-ipsec-2.17.0-88.el8fdp.x86_64.rpm

SHA-256: 8be49a7ba99bf04f393a65b15af12109931ed183adc4107653cae76f891dcc53

openvswitch2.17-test-2.17.0-88.el8fdp.noarch.rpm

SHA-256: d9ecc7d9e8247660a27a275e9ea9d76b436573e4a5bace07a12b65cd6a35d2ec

python3-openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm

SHA-256: abc488d4910b1ad455607cb01647b240857e2d5f795f1f5422eec78ae61b8fa2

python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.x86_64.rpm

SHA-256: 66c63f6eb2cba9c1cf3359602ff423f75496d75c4fb3629432ce6025cfb1e515

Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8

SRPM

openvswitch2.17-2.17.0-88.el8fdp.src.rpm

SHA-256: 7784b5654ef8a1f8d2280ca72f746344673be329d95cc99fa9de2a21a383dffa

ppc64le

network-scripts-openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm

SHA-256: 2b0b34073d597f9036ef968b67f9ca696518be608f4c28eb7c52409cb8593d45

openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm

SHA-256: 84f121f1fd85ec0e79107f58d2193900c977f05fc1bf3d9e4bda9a192982318d

openvswitch2.17-debuginfo-2.17.0-88.el8fdp.ppc64le.rpm

SHA-256: 89e60a79ab568d7e78abb05d62304ebe7c47940fc4f85da7a0c07464f2abdb7c

openvswitch2.17-debugsource-2.17.0-88.el8fdp.ppc64le.rpm

SHA-256: 8119c73b8d394438202925fa9d21783d4bd9d9f54982c669f6a398ecc0f5178e

openvswitch2.17-devel-2.17.0-88.el8fdp.ppc64le.rpm

SHA-256: 1627b75dc33ab61d7e05010cab0ea45abcddc7ffa5eb58738f32aa4bb71b9e87

openvswitch2.17-ipsec-2.17.0-88.el8fdp.ppc64le.rpm

SHA-256: 559da05b91c9832e2c168a09de27289c7daea0fe596703deda1cfa3a2276a5e7

openvswitch2.17-test-2.17.0-88.el8fdp.noarch.rpm

SHA-256: d9ecc7d9e8247660a27a275e9ea9d76b436573e4a5bace07a12b65cd6a35d2ec

python3-openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm

SHA-256: 21544da4f604396bb429f2f309d1640cb4a46e186d4c354ed25388e068f37103

python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.ppc64le.rpm

SHA-256: 4383c853a3c9b720ce40d96d0ff42de6ae99d0d9bc6562e9dbd18fa76dbb85d3

Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8

SRPM

openvswitch2.17-2.17.0-88.el8fdp.src.rpm

SHA-256: 7784b5654ef8a1f8d2280ca72f746344673be329d95cc99fa9de2a21a383dffa

s390x

network-scripts-openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm

SHA-256: fcbe557e0313477ccedfb76d43682dad0b1cc13b266d213ade863546ad6f2d7c

openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm

SHA-256: 07dd2c2ee1d95f765af84c463eb20976cb57346c2b53c2a8b15e7f4db7fc12ed

openvswitch2.17-debuginfo-2.17.0-88.el8fdp.s390x.rpm

SHA-256: 9a9b5b3c0c8b7990f646b021cd59d67ceb4ab269d2ec65e95a51b9bbd1f7ca3e

openvswitch2.17-debugsource-2.17.0-88.el8fdp.s390x.rpm

SHA-256: fcc2e8446b63d763dda753de0ab2515c6d915e6da72b8de14369f05f57a58232

openvswitch2.17-devel-2.17.0-88.el8fdp.s390x.rpm

SHA-256: 2d11123d3a6b91a49e5016a1d406e09e6e5a09db1a0ab70188851dff1eb9d4ba

openvswitch2.17-ipsec-2.17.0-88.el8fdp.s390x.rpm

SHA-256: 18887c2324b35de7d67cc99f9189796747f2781b62644903d6ff26afd911c55b

openvswitch2.17-test-2.17.0-88.el8fdp.noarch.rpm

SHA-256: d9ecc7d9e8247660a27a275e9ea9d76b436573e4a5bace07a12b65cd6a35d2ec

python3-openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm

SHA-256: 34a61abfaa3658be787a4956f37e2645bbd53a058ea40d712e02a87bfe4d5935

python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.s390x.rpm

SHA-256: 46fe4fedc562baccefd2e59e5e47458158d58380bef4962093eadb33db7b2a08

Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8

SRPM

openvswitch2.17-2.17.0-88.el8fdp.src.rpm

SHA-256: 7784b5654ef8a1f8d2280ca72f746344673be329d95cc99fa9de2a21a383dffa

aarch64

network-scripts-openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm

SHA-256: 614cba6233ee9acfa7847af86caa989d2960eca9f420e437efa9b64f60465350

openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm

SHA-256: 87001dff2ca4893b11d6a3f02ea58f4c25fc820f7c35da288ca8f04c8e60fa17

openvswitch2.17-debuginfo-2.17.0-88.el8fdp.aarch64.rpm

SHA-256: b1fae1e5e22b91e2b0823bf66b2d675b14ea2db1389e0f3e9120f9209fcf18c6

openvswitch2.17-debugsource-2.17.0-88.el8fdp.aarch64.rpm

SHA-256: d9818cc5b4151794fc19a409bd45509d041a08897f7b897bc291fabb67e79a08

openvswitch2.17-devel-2.17.0-88.el8fdp.aarch64.rpm

SHA-256: 1a5da110bd08c567eae3ee1ff700a49e1e247e6fda714437ac5c384314b1677f

openvswitch2.17-ipsec-2.17.0-88.el8fdp.aarch64.rpm

SHA-256: 5676741183c02ddc9c7bc05c33bed41ea44cfd755f9df2951380b56318cf568a

openvswitch2.17-test-2.17.0-88.el8fdp.noarch.rpm

SHA-256: d9ecc7d9e8247660a27a275e9ea9d76b436573e4a5bace07a12b65cd6a35d2ec

python3-openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm

SHA-256: ba73e5fc5a6d2f44396fb5be6de395bce357a2448320e63bcaedbd0967e60995

python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.aarch64.rpm

SHA-256: d9db8a1509c3be8719d5b6aae029146b46de347b9c75703ece60044fffa72de9

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202311-16

Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.

Red Hat Security Advisory 2023-3491-01

Red Hat Security Advisory 2023-3491-01 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-6068-1

Ubuntu Security Notice 6068-1 - David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2023-1823-01

Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Debian Security Advisory 5387-1

Debian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.

Red Hat Security Advisory 2023-1765-01

Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1769-01

Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1766-01

Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1770-01

Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

RHSA-2023:1770: Red Hat Security Advisory: openvswitch3.1 security update

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...

RHSA-2023:1769: Red Hat Security Advisory: openvswitch2.17 security update

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...

RHSA-2023:1766: Red Hat Security Advisory: openvswitch3.1 security update

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...

CVE-2023-1668: security - [ADVISORY] CVE-2023-1668: Open vSwitch: Remote traffic denial of service via crafted packets with IP proto 0

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.