Headline
RHSA-2023:1823: Red Hat Security Advisory: openvswitch2.13 security update
An update for openvswitch2.13 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-04-18
Updated:
2023-04-18
RHSA-2023:1823 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: openvswitch2.13 security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for openvswitch2.13 is now available for Fast Datapath for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
- openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- [23.C RHEL-8] Fast Datapath Release (BZ#2184495)
Affected Products
- Red Hat Enterprise Linux Fast Datapath 8 x86_64
- Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8 ppc64le
- Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8 s390x
- Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8 aarch64
Fixes
- BZ - 2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling
- BZ - 2184495 - [23.C RHEL-8] Fast Datapath Release
Red Hat Enterprise Linux Fast Datapath 8
SRPM
openvswitch2.13-2.13.0-214.el8fdp.src.rpm
SHA-256: bd2a523b1773cee22095ffdda6d99f0c34772147b781cdb19594a5400ce573eb
x86_64
network-scripts-openvswitch2.13-2.13.0-214.el8fdp.x86_64.rpm
SHA-256: 85b4a54b36280226c10c1426a82e68fddf7fe08021616c049aabfd0c54795e77
openvswitch2.13-2.13.0-214.el8fdp.x86_64.rpm
SHA-256: 525c764dd0c122ecad501fd0f7467d4db25ab915404cd0f9265462fc50218e94
openvswitch2.13-debuginfo-2.13.0-214.el8fdp.x86_64.rpm
SHA-256: 314f543ee99ae8049b3f10ee14b50a9b97b78fd005dd1801e10434cb14a00987
openvswitch2.13-debugsource-2.13.0-214.el8fdp.x86_64.rpm
SHA-256: 6532d7f21ad7a1377e3dc050d391d121332447cfba6e508766b00c122dcccf92
openvswitch2.13-devel-2.13.0-214.el8fdp.x86_64.rpm
SHA-256: 5dda138ab8825f337a86011ca6f65c5bb3aee84d29b8113b96a1ff5f65e2a5e2
openvswitch2.13-ipsec-2.13.0-214.el8fdp.x86_64.rpm
SHA-256: 1c70940a2a05faa6256ce606ef7fad164482a4cd1bfbec9e4ad2efca4d8c750e
openvswitch2.13-test-2.13.0-214.el8fdp.noarch.rpm
SHA-256: f5ce9f04a67ec29a0f22fefacc6f5f1a67617675220cce41680fd6a165487c73
python3-openvswitch2.13-2.13.0-214.el8fdp.x86_64.rpm
SHA-256: 4807af401f1eb550128f6d9c01839b7d161aafa1c5c8333aa4c93c714ebe66ce
python3-openvswitch2.13-debuginfo-2.13.0-214.el8fdp.x86_64.rpm
SHA-256: 4d06e2b73b5b8b07b2e3d6f8ee04a84bbeda8895f594991a15353f067ea58e2c
Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8
SRPM
openvswitch2.13-2.13.0-214.el8fdp.src.rpm
SHA-256: bd2a523b1773cee22095ffdda6d99f0c34772147b781cdb19594a5400ce573eb
ppc64le
network-scripts-openvswitch2.13-2.13.0-214.el8fdp.ppc64le.rpm
SHA-256: f4250f943f5a6ba850f63e5a6f191addd8d80a98c29aadd3de581b6662d8eaf8
openvswitch2.13-2.13.0-214.el8fdp.ppc64le.rpm
SHA-256: ebe055c9b7d14ff281bf6b3108d5c37ce7376701e0677c75dcf12a64ecf30456
openvswitch2.13-debuginfo-2.13.0-214.el8fdp.ppc64le.rpm
SHA-256: 86c1fc5619a376aa4d07c44cf4b841487f67a56c9a15cc690fee619880e2465b
openvswitch2.13-debugsource-2.13.0-214.el8fdp.ppc64le.rpm
SHA-256: 1d5776d54ed5bbc064949d34048e0a958fdb27c4be58a7b4f1d5bdca8babbbcf
openvswitch2.13-devel-2.13.0-214.el8fdp.ppc64le.rpm
SHA-256: da3f7009ae9161eb4ba8f3d90c899cc27050fc09c3a66dd21fc12b7b11341903
openvswitch2.13-ipsec-2.13.0-214.el8fdp.ppc64le.rpm
SHA-256: 258e1770d4b98ea1949392e21e46902581be5f930e15e775fa5c7c30b1156891
openvswitch2.13-test-2.13.0-214.el8fdp.noarch.rpm
SHA-256: f5ce9f04a67ec29a0f22fefacc6f5f1a67617675220cce41680fd6a165487c73
python3-openvswitch2.13-2.13.0-214.el8fdp.ppc64le.rpm
SHA-256: 28bca0d803ae03796675220472d1ca602e74744f33cfc27837abec1259f73757
python3-openvswitch2.13-debuginfo-2.13.0-214.el8fdp.ppc64le.rpm
SHA-256: da94d4ab053969f38829d3cf7e0a5b8831f88e05f02f3fe88cfe35344c06d8f5
Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8
SRPM
openvswitch2.13-2.13.0-214.el8fdp.src.rpm
SHA-256: bd2a523b1773cee22095ffdda6d99f0c34772147b781cdb19594a5400ce573eb
s390x
network-scripts-openvswitch2.13-2.13.0-214.el8fdp.s390x.rpm
SHA-256: 58bc3d085817f8926fdda60d9015f498c6f8855d6fb43189b2139252da8c1581
openvswitch2.13-2.13.0-214.el8fdp.s390x.rpm
SHA-256: c6727c215e84e63cf2ff0c7145e77a3bf787023ddead7f2d04b82ab9e62743cd
openvswitch2.13-debuginfo-2.13.0-214.el8fdp.s390x.rpm
SHA-256: dbf5c1f06d6245e373cda936368468c370ba4d044f3804631a322a5e526a8c9e
openvswitch2.13-debugsource-2.13.0-214.el8fdp.s390x.rpm
SHA-256: 634ac6da949d536a7afd33906102fab4e5ac17fbb1aa6373713e9dca0af4d97a
openvswitch2.13-devel-2.13.0-214.el8fdp.s390x.rpm
SHA-256: c3a0c5a11500de98a048f19c4cc6cbeb269b7d74bc6a8a669ec9b207769cbc0a
openvswitch2.13-ipsec-2.13.0-214.el8fdp.s390x.rpm
SHA-256: 2d0588782802877370717d42f11409874c8271aeab91364021e8e78909b1f8d1
openvswitch2.13-test-2.13.0-214.el8fdp.noarch.rpm
SHA-256: f5ce9f04a67ec29a0f22fefacc6f5f1a67617675220cce41680fd6a165487c73
python3-openvswitch2.13-2.13.0-214.el8fdp.s390x.rpm
SHA-256: 61afdd54902486d2db83ef44c8567d1b865f27956c82f5b85cf1d193fd088946
python3-openvswitch2.13-debuginfo-2.13.0-214.el8fdp.s390x.rpm
SHA-256: 7b221c3a851310ad2445f1b0de29d98880821d96cd6831c782f15f79c3b1940a
Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8
SRPM
openvswitch2.13-2.13.0-214.el8fdp.src.rpm
SHA-256: bd2a523b1773cee22095ffdda6d99f0c34772147b781cdb19594a5400ce573eb
aarch64
network-scripts-openvswitch2.13-2.13.0-214.el8fdp.aarch64.rpm
SHA-256: 1999778acf3c843f69d33b6615c7c4485efc901b144b013a31fdca8638799e1a
openvswitch2.13-2.13.0-214.el8fdp.aarch64.rpm
SHA-256: c883cde007b2eefd51b773ab62515fefdedf906fff29aecc879654baec12bf8e
openvswitch2.13-debuginfo-2.13.0-214.el8fdp.aarch64.rpm
SHA-256: 71ad3c1497deef4afede4984ec392d1d41d88bdf09ab86a7a7421774176e70dd
openvswitch2.13-debugsource-2.13.0-214.el8fdp.aarch64.rpm
SHA-256: 9a81322d15f8b7c08c71887b4293dcee92ba20425cdaf1f4409e90f1606d6b9b
openvswitch2.13-devel-2.13.0-214.el8fdp.aarch64.rpm
SHA-256: c197ab5a2eccd260553d5bd9c85cbe5848671974bdc615f4252ef13d66577ce9
openvswitch2.13-ipsec-2.13.0-214.el8fdp.aarch64.rpm
SHA-256: 47733fb72d9f06bdf0f7d840f4b3cce77140c6c9477f433da091d15bc5144a6e
openvswitch2.13-test-2.13.0-214.el8fdp.noarch.rpm
SHA-256: f5ce9f04a67ec29a0f22fefacc6f5f1a67617675220cce41680fd6a165487c73
python3-openvswitch2.13-2.13.0-214.el8fdp.aarch64.rpm
SHA-256: 68bb0df922f5014e5f414d4f3712c4781285a8c50c357310c570a49ec3a1d298
python3-openvswitch2.13-debuginfo-2.13.0-214.el8fdp.aarch64.rpm
SHA-256: bdb173b6b5c9ffe908b4f545edb0b36b0692cb2e839157cc719525eeaf9e9cb5
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.
Red Hat Security Advisory 2023-3491-01 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or poten...
Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Debian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.
Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.