RHSA-2023:0691: Red Hat Security Advisory: openvswitch2.17 security, bug fix and enhancement update
An update for openvswitch2.17 is now available for Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-4337: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service.
- CVE-2022-4338: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow.
Issued:
2023-02-09
Updated:
2023-02-09
RHSA-2023:0691 - Security Advisory
Synopsis
Moderate: openvswitch2.17 security, bug fix and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for openvswitch2.17 is now available for Fast Datapath for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
- openvswitch: Out-of-Bounds Read in Organization Specific TLV (CVE-2022-4337)
- openvswitch: Integer Underflow in Organization Specific TLV (CVE-2022-4338)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
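Both fixes concern length handling for the LLDP Organization Specific TLV (type 127, whose value begins with a 3-byte OUI and a 1-byte subtype). The following is an added illustration, not Open vSwitch code and not taken from the advisory, of the two length checks a TLV walker needs to rule out an out-of-bounds read and an unsigned underflow; the function name `lldp_walk`, the result codes and the sample frames are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LLDP_TLV_END   0
#define LLDP_TLV_ORG 127    /* Organizationally Specific TLV */
#define ORG_HDR_LEN    4    /* 3-byte OUI + 1-byte subtype */

enum { LLDP_OK = 0, LLDP_TRUNCATED = -1, LLDP_BAD_ORG_TLV = -2 };

/* Walk the TLVs of an LLDPDU (the bytes after the Ethernet header).
 * On LLDP_OK, *org_info is the total size of the information strings
 * carried in Organizationally Specific TLVs. */
int lldp_walk(const uint8_t *p, size_t len, size_t *org_info)
{
    size_t off = 0;

    *org_info = 0;
    while (len - off >= 2) {                 /* invariant: off <= len */
        unsigned type = p[off] >> 1;         /* 7-bit TLV type */
        size_t tlv_len = ((size_t)(p[off] & 1) << 8) | p[off + 1]; /* 9 bits */
        off += 2;

        /* Check 1: the declared length must fit in the bytes that remain,
         * otherwise reading the value runs past the end of the frame. */
        if (tlv_len > len - off)
            return LLDP_TRUNCATED;
        if (type == LLDP_TLV_END)
            return LLDP_OK;
        if (type == LLDP_TLV_ORG) {
            /* Check 2: the value must hold OUI + subtype before the
             * subtraction, otherwise tlv_len - 4 wraps to a huge size_t. */
            if (tlv_len < ORG_HDR_LEN)
                return LLDP_BAD_ORG_TLV;
            *org_info += tlv_len - ORG_HDR_LEN;
        }
        off += tlv_len;
    }
    return LLDP_TRUNCATED;   /* this example requires an End Of LLDPDU TLV */
}

/* Constructed sample LLDPDUs (not captured traffic). */
static const uint8_t sample_ok[]    = { 0xFE, 0x06, 0x00, 0x12, 0x0F, 0x04,
                                        0x05, 0xEE, 0x00, 0x00 };
static const uint8_t sample_short[] = { 0xFE, 0x02, 0xAA, 0xBB, 0x00, 0x00 };
static const uint8_t sample_long[]  = { 0xFE, 0x40, 0x00, 0x12, 0x0F, 0x04 };

int main(void)
{
    size_t n = 0;
    int rc = lldp_walk(sample_ok, sizeof sample_ok, &n);

    printf("well-formed:     rc=%d org_info=%zu\n", rc, n);
    printf("short org TLV:   rc=%d\n",
           lldp_walk(sample_short, sizeof sample_short, &n));
    printf("overlong length: rc=%d\n",
           lldp_walk(sample_long, sizeof sample_long, &n));
    return 0;
}
```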
Affected Products
- Red Hat Enterprise Linux Fast Datapath 9 x86_64
- Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 9 ppc64le
- Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 9 s390x
- Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 9 aarch64
Fixes
- BZ - 2155378 - CVE-2022-4337 openvswitch: Out-of-Bounds Read in Organization Specific TLV
- BZ - 2155381 - CVE-2022-4338 openvswitch: Integer Underflow in Organization Specific TLV
- BZ - 2159419 - [ovs2.11][RHEL7.7] PF/VF Port statistics get over-run in OVS offload datapath
- BZ - 2162035 - [23.A RHEL-9] Fast Datapath Release
References
- https://access.redhat.com/security/updates/classification/#moderate
Red Hat Enterprise Linux Fast Datapath 9
SRPM
openvswitch2.17-2.17.0-62.el9fdp.src.rpm
x86_64
openvswitch2.17-2.17.0-62.el9fdp.x86_64.rpm
openvswitch2.17-debuginfo-2.17.0-62.el9fdp.x86_64.rpm
openvswitch2.17-debugsource-2.17.0-62.el9fdp.x86_64.rpm
openvswitch2.17-devel-2.17.0-62.el9fdp.x86_64.rpm
openvswitch2.17-ipsec-2.17.0-62.el9fdp.x86_64.rpm
openvswitch2.17-test-2.17.0-62.el9fdp.noarch.rpm
python3-openvswitch2.17-2.17.0-62.el9fdp.x86_64.rpm
python3-openvswitch2.17-debuginfo-2.17.0-62.el9fdp.x86_64.rpm
Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 9
SRPM
openvswitch2.17-2.17.0-62.el9fdp.src.rpm
ppc64le
openvswitch2.17-2.17.0-62.el9fdp.ppc64le.rpm
openvswitch2.17-debuginfo-2.17.0-62.el9fdp.ppc64le.rpm
openvswitch2.17-debugsource-2.17.0-62.el9fdp.ppc64le.rpm
openvswitch2.17-devel-2.17.0-62.el9fdp.ppc64le.rpm
openvswitch2.17-ipsec-2.17.0-62.el9fdp.ppc64le.rpm
openvswitch2.17-test-2.17.0-62.el9fdp.noarch.rpm
python3-openvswitch2.17-2.17.0-62.el9fdp.ppc64le.rpm
python3-openvswitch2.17-debuginfo-2.17.0-62.el9fdp.ppc64le.rpm
Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 9
SRPM
openvswitch2.17-2.17.0-62.el9fdp.src.rpm
s390x
openvswitch2.17-2.17.0-62.el9fdp.s390x.rpm
openvswitch2.17-debuginfo-2.17.0-62.el9fdp.s390x.rpm
openvswitch2.17-debugsource-2.17.0-62.el9fdp.s390x.rpm
openvswitch2.17-devel-2.17.0-62.el9fdp.s390x.rpm
openvswitch2.17-ipsec-2.17.0-62.el9fdp.s390x.rpm
openvswitch2.17-test-2.17.0-62.el9fdp.noarch.rpm
python3-openvswitch2.17-2.17.0-62.el9fdp.s390x.rpm
python3-openvswitch2.17-debuginfo-2.17.0-62.el9fdp.s390x.rpm
Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 9
SRPM
openvswitch2.17-2.17.0-62.el9fdp.src.rpm
aarch64
openvswitch2.17-2.17.0-62.el9fdp.aarch64.rpm
openvswitch2.17-debuginfo-2.17.0-62.el9fdp.aarch64.rpm
openvswitch2.17-debugsource-2.17.0-62.el9fdp.aarch64.rpm
openvswitch2.17-devel-2.17.0-62.el9fdp.aarch64.rpm
openvswitch2.17-ipsec-2.17.0-62.el9fdp.aarch64.rpm
openvswitch2.17-test-2.17.0-62.el9fdp.noarch.rpm
python3-openvswitch2.17-2.17.0-62.el9fdp.aarch64.rpm
python3-openvswitch2.17-debuginfo-2.17.0-62.el9fdp.aarch64.rpm
The Red Hat security contact is [email protected]. More contact details are available at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.
Red Hat OpenShift Container Platform release 4.10.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeri...
Ubuntu Security Notice 5890-1 - Qian Chen discovered that Open vSwitch incorrectly handled certain Organization Specific TLVs. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2023-0778-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.56.
Red Hat OpenShift Container Platform release 4.9.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.
Red Hat OpenShift Container Platform release 4.11.28 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issu...
Red Hat OpenShift Container Platform release 4.12.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total numb...
Red Hat Security Advisory 2023-0691-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an out of bounds read vulnerability.
Red Hat Security Advisory 2023-0685-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an out of bounds read vulnerability.
Red Hat Security Advisory 2023-0688-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an out of bounds read vulnerability.
Red Hat Security Advisory 2023-0689-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an out of bounds read vulnerability.
Red Hat Security Advisory 2023-0687-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an out of bounds read vulnerability.
An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4337: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service. * CVE-2022-4338: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow.
An update for openvswitch2.17 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4337: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service. * CVE-2022-4338: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow.
An update for openvswitch2.13 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4337: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service. * CVE-2022-4338: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow.
Debian Linux Security Advisory 5319-1 - Two vulnerabilities were discovered in the LLDP implementation of Open vSwitch, a software-based Ethernet virtual switch, which could result in denial of service.
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.