Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:1823: Red Hat Security Advisory: openvswitch2.13 security update

An update for openvswitch2.13 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#ibm

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2023-04-18

Updated:

2023-04-18

RHSA-2023:1823 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: openvswitch2.13 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openvswitch2.13 is now available for Fast Datapath for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

  • openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • [23.C RHEL-8] Fast Datapath Release (BZ#2184495)

Affected Products

  • Red Hat Enterprise Linux Fast Datapath 8 x86_64
  • Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8 ppc64le
  • Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8 s390x
  • Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8 aarch64

Fixes

  • BZ - 2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling
  • BZ - 2184495 - [23.C RHEL-8] Fast Datapath Release

Red Hat Enterprise Linux Fast Datapath 8

SRPM

openvswitch2.13-2.13.0-214.el8fdp.src.rpm

SHA-256: bd2a523b1773cee22095ffdda6d99f0c34772147b781cdb19594a5400ce573eb

x86_64

network-scripts-openvswitch2.13-2.13.0-214.el8fdp.x86_64.rpm

SHA-256: 85b4a54b36280226c10c1426a82e68fddf7fe08021616c049aabfd0c54795e77

openvswitch2.13-2.13.0-214.el8fdp.x86_64.rpm

SHA-256: 525c764dd0c122ecad501fd0f7467d4db25ab915404cd0f9265462fc50218e94

openvswitch2.13-debuginfo-2.13.0-214.el8fdp.x86_64.rpm

SHA-256: 314f543ee99ae8049b3f10ee14b50a9b97b78fd005dd1801e10434cb14a00987

openvswitch2.13-debugsource-2.13.0-214.el8fdp.x86_64.rpm

SHA-256: 6532d7f21ad7a1377e3dc050d391d121332447cfba6e508766b00c122dcccf92

openvswitch2.13-devel-2.13.0-214.el8fdp.x86_64.rpm

SHA-256: 5dda138ab8825f337a86011ca6f65c5bb3aee84d29b8113b96a1ff5f65e2a5e2

openvswitch2.13-ipsec-2.13.0-214.el8fdp.x86_64.rpm

SHA-256: 1c70940a2a05faa6256ce606ef7fad164482a4cd1bfbec9e4ad2efca4d8c750e

openvswitch2.13-test-2.13.0-214.el8fdp.noarch.rpm

SHA-256: f5ce9f04a67ec29a0f22fefacc6f5f1a67617675220cce41680fd6a165487c73

python3-openvswitch2.13-2.13.0-214.el8fdp.x86_64.rpm

SHA-256: 4807af401f1eb550128f6d9c01839b7d161aafa1c5c8333aa4c93c714ebe66ce

python3-openvswitch2.13-debuginfo-2.13.0-214.el8fdp.x86_64.rpm

SHA-256: 4d06e2b73b5b8b07b2e3d6f8ee04a84bbeda8895f594991a15353f067ea58e2c

Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8

SRPM

openvswitch2.13-2.13.0-214.el8fdp.src.rpm

SHA-256: bd2a523b1773cee22095ffdda6d99f0c34772147b781cdb19594a5400ce573eb

ppc64le

network-scripts-openvswitch2.13-2.13.0-214.el8fdp.ppc64le.rpm

SHA-256: f4250f943f5a6ba850f63e5a6f191addd8d80a98c29aadd3de581b6662d8eaf8

openvswitch2.13-2.13.0-214.el8fdp.ppc64le.rpm

SHA-256: ebe055c9b7d14ff281bf6b3108d5c37ce7376701e0677c75dcf12a64ecf30456

openvswitch2.13-debuginfo-2.13.0-214.el8fdp.ppc64le.rpm

SHA-256: 86c1fc5619a376aa4d07c44cf4b841487f67a56c9a15cc690fee619880e2465b

openvswitch2.13-debugsource-2.13.0-214.el8fdp.ppc64le.rpm

SHA-256: 1d5776d54ed5bbc064949d34048e0a958fdb27c4be58a7b4f1d5bdca8babbbcf

openvswitch2.13-devel-2.13.0-214.el8fdp.ppc64le.rpm

SHA-256: da3f7009ae9161eb4ba8f3d90c899cc27050fc09c3a66dd21fc12b7b11341903

openvswitch2.13-ipsec-2.13.0-214.el8fdp.ppc64le.rpm

SHA-256: 258e1770d4b98ea1949392e21e46902581be5f930e15e775fa5c7c30b1156891

openvswitch2.13-test-2.13.0-214.el8fdp.noarch.rpm

SHA-256: f5ce9f04a67ec29a0f22fefacc6f5f1a67617675220cce41680fd6a165487c73

python3-openvswitch2.13-2.13.0-214.el8fdp.ppc64le.rpm

SHA-256: 28bca0d803ae03796675220472d1ca602e74744f33cfc27837abec1259f73757

python3-openvswitch2.13-debuginfo-2.13.0-214.el8fdp.ppc64le.rpm

SHA-256: da94d4ab053969f38829d3cf7e0a5b8831f88e05f02f3fe88cfe35344c06d8f5

Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8

SRPM

openvswitch2.13-2.13.0-214.el8fdp.src.rpm

SHA-256: bd2a523b1773cee22095ffdda6d99f0c34772147b781cdb19594a5400ce573eb

s390x

network-scripts-openvswitch2.13-2.13.0-214.el8fdp.s390x.rpm

SHA-256: 58bc3d085817f8926fdda60d9015f498c6f8855d6fb43189b2139252da8c1581

openvswitch2.13-2.13.0-214.el8fdp.s390x.rpm

SHA-256: c6727c215e84e63cf2ff0c7145e77a3bf787023ddead7f2d04b82ab9e62743cd

openvswitch2.13-debuginfo-2.13.0-214.el8fdp.s390x.rpm

SHA-256: dbf5c1f06d6245e373cda936368468c370ba4d044f3804631a322a5e526a8c9e

openvswitch2.13-debugsource-2.13.0-214.el8fdp.s390x.rpm

SHA-256: 634ac6da949d536a7afd33906102fab4e5ac17fbb1aa6373713e9dca0af4d97a

openvswitch2.13-devel-2.13.0-214.el8fdp.s390x.rpm

SHA-256: c3a0c5a11500de98a048f19c4cc6cbeb269b7d74bc6a8a669ec9b207769cbc0a

openvswitch2.13-ipsec-2.13.0-214.el8fdp.s390x.rpm

SHA-256: 2d0588782802877370717d42f11409874c8271aeab91364021e8e78909b1f8d1

openvswitch2.13-test-2.13.0-214.el8fdp.noarch.rpm

SHA-256: f5ce9f04a67ec29a0f22fefacc6f5f1a67617675220cce41680fd6a165487c73

python3-openvswitch2.13-2.13.0-214.el8fdp.s390x.rpm

SHA-256: 61afdd54902486d2db83ef44c8567d1b865f27956c82f5b85cf1d193fd088946

python3-openvswitch2.13-debuginfo-2.13.0-214.el8fdp.s390x.rpm

SHA-256: 7b221c3a851310ad2445f1b0de29d98880821d96cd6831c782f15f79c3b1940a

Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8

SRPM

openvswitch2.13-2.13.0-214.el8fdp.src.rpm

SHA-256: bd2a523b1773cee22095ffdda6d99f0c34772147b781cdb19594a5400ce573eb

aarch64

network-scripts-openvswitch2.13-2.13.0-214.el8fdp.aarch64.rpm

SHA-256: 1999778acf3c843f69d33b6615c7c4485efc901b144b013a31fdca8638799e1a

openvswitch2.13-2.13.0-214.el8fdp.aarch64.rpm

SHA-256: c883cde007b2eefd51b773ab62515fefdedf906fff29aecc879654baec12bf8e

openvswitch2.13-debuginfo-2.13.0-214.el8fdp.aarch64.rpm

SHA-256: 71ad3c1497deef4afede4984ec392d1d41d88bdf09ab86a7a7421774176e70dd

openvswitch2.13-debugsource-2.13.0-214.el8fdp.aarch64.rpm

SHA-256: 9a81322d15f8b7c08c71887b4293dcee92ba20425cdaf1f4409e90f1606d6b9b

openvswitch2.13-devel-2.13.0-214.el8fdp.aarch64.rpm

SHA-256: c197ab5a2eccd260553d5bd9c85cbe5848671974bdc615f4252ef13d66577ce9

openvswitch2.13-ipsec-2.13.0-214.el8fdp.aarch64.rpm

SHA-256: 47733fb72d9f06bdf0f7d840f4b3cce77140c6c9477f433da091d15bc5144a6e

openvswitch2.13-test-2.13.0-214.el8fdp.noarch.rpm

SHA-256: f5ce9f04a67ec29a0f22fefacc6f5f1a67617675220cce41680fd6a165487c73

python3-openvswitch2.13-2.13.0-214.el8fdp.aarch64.rpm

SHA-256: 68bb0df922f5014e5f414d4f3712c4781285a8c50c357310c570a49ec3a1d298

python3-openvswitch2.13-debuginfo-2.13.0-214.el8fdp.aarch64.rpm

SHA-256: bdb173b6b5c9ffe908b4f545edb0b36b0692cb2e839157cc719525eeaf9e9cb5

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202311-16

Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.

Red Hat Security Advisory 2023-3491-01

Red Hat Security Advisory 2023-3491-01 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

RHSA-2023:3491: Red Hat Security Advisory: Red Hat Virtualization Host 4.4.z SP 1 security update

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or poten...

Red Hat Security Advisory 2023-1823-01

Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Debian Security Advisory 5387-1

Debian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.

Red Hat Security Advisory 2023-1765-01

Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1769-01

Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1766-01

Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1770-01

Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

RHSA-2023:1770: Red Hat Security Advisory: openvswitch3.1 security update

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...

RHSA-2023:1769: Red Hat Security Advisory: openvswitch2.17 security update

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...

RHSA-2023:1766: Red Hat Security Advisory: openvswitch3.1 security update

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...

CVE-2023-1668: security - [ADVISORY] CVE-2023-1668: Open vSwitch: Remote traffic denial of service via crafted packets with IP proto 0

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.