RHSA-2023:0688: Red Hat Security Advisory: openvswitch2.17 security, bug fix and enhancement update
An update for openvswitch2.17 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-4337: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service.
- CVE-2022-4338: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow.
Issued: 2023-02-09
Updated: 2023-02-09
RHSA-2023:0688 - Security Advisory
Synopsis
Moderate: openvswitch2.17 security, bug fix and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for openvswitch2.17 is now available for Fast Datapath for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
- openvswitch: Out-of-Bounds Read in Organization Specific TLV (CVE-2022-4337)
- openvswitch: Integer Underflow in Organization Specific TLV (CVE-2022-4338)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Fast Datapath 8 x86_64
- Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8 ppc64le
- Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8 s390x
- Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8 aarch64
Fixes
- BZ - 2155378 - CVE-2022-4337 openvswitch: Out-of-Bounds Read in Organization Specific TLV
- BZ - 2155381 - CVE-2022-4338 openvswitch: Integer Underflow in Organization Specific TLV
- BZ - 2162034 - [23.A RHEL-8] Fast Datapath Release
Red Hat Enterprise Linux Fast Datapath 8
SRPM
openvswitch2.17-2.17.0-71.el8fdp.src.rpm
x86_64
network-scripts-openvswitch2.17-2.17.0-71.el8fdp.x86_64.rpm
openvswitch2.17-2.17.0-71.el8fdp.x86_64.rpm
openvswitch2.17-debuginfo-2.17.0-71.el8fdp.x86_64.rpm
openvswitch2.17-debugsource-2.17.0-71.el8fdp.x86_64.rpm
openvswitch2.17-devel-2.17.0-71.el8fdp.x86_64.rpm
openvswitch2.17-ipsec-2.17.0-71.el8fdp.x86_64.rpm
openvswitch2.17-test-2.17.0-71.el8fdp.noarch.rpm
python3-openvswitch2.17-2.17.0-71.el8fdp.x86_64.rpm
python3-openvswitch2.17-debuginfo-2.17.0-71.el8fdp.x86_64.rpm
Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8
SRPM
openvswitch2.17-2.17.0-71.el8fdp.src.rpm
ppc64le
network-scripts-openvswitch2.17-2.17.0-71.el8fdp.ppc64le.rpm
openvswitch2.17-2.17.0-71.el8fdp.ppc64le.rpm
openvswitch2.17-debuginfo-2.17.0-71.el8fdp.ppc64le.rpm
openvswitch2.17-debugsource-2.17.0-71.el8fdp.ppc64le.rpm
openvswitch2.17-devel-2.17.0-71.el8fdp.ppc64le.rpm
openvswitch2.17-ipsec-2.17.0-71.el8fdp.ppc64le.rpm
openvswitch2.17-test-2.17.0-71.el8fdp.noarch.rpm
python3-openvswitch2.17-2.17.0-71.el8fdp.ppc64le.rpm
python3-openvswitch2.17-debuginfo-2.17.0-71.el8fdp.ppc64le.rpm
Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8
SRPM
openvswitch2.17-2.17.0-71.el8fdp.src.rpm
s390x
network-scripts-openvswitch2.17-2.17.0-71.el8fdp.s390x.rpm
openvswitch2.17-2.17.0-71.el8fdp.s390x.rpm
openvswitch2.17-debuginfo-2.17.0-71.el8fdp.s390x.rpm
openvswitch2.17-debugsource-2.17.0-71.el8fdp.s390x.rpm
openvswitch2.17-devel-2.17.0-71.el8fdp.s390x.rpm
openvswitch2.17-ipsec-2.17.0-71.el8fdp.s390x.rpm
openvswitch2.17-test-2.17.0-71.el8fdp.noarch.rpm
python3-openvswitch2.17-2.17.0-71.el8fdp.s390x.rpm
python3-openvswitch2.17-debuginfo-2.17.0-71.el8fdp.s390x.rpm
Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8
SRPM
openvswitch2.17-2.17.0-71.el8fdp.src.rpm
aarch64
network-scripts-openvswitch2.17-2.17.0-71.el8fdp.aarch64.rpm
openvswitch2.17-2.17.0-71.el8fdp.aarch64.rpm
openvswitch2.17-debuginfo-2.17.0-71.el8fdp.aarch64.rpm
openvswitch2.17-debugsource-2.17.0-71.el8fdp.aarch64.rpm
openvswitch2.17-devel-2.17.0-71.el8fdp.aarch64.rpm
openvswitch2.17-ipsec-2.17.0-71.el8fdp.aarch64.rpm
openvswitch2.17-test-2.17.0-71.el8fdp.noarch.rpm
python3-openvswitch2.17-2.17.0-71.el8fdp.aarch64.rpm
python3-openvswitch2.17-debuginfo-2.17.0-71.el8fdp.aarch64.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.
Red Hat OpenShift Container Platform release 4.10.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeri...
Ubuntu Security Notice 5890-1 - Qian Chen discovered that Open vSwitch incorrectly handled certain Organization Specific TLVs. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2023-0778-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.56.
Red Hat OpenShift Container Platform release 4.9.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.
Red Hat Security Advisory 2023-0774-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.28. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat OpenShift Container Platform release 4.11.28 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issu...
Red Hat Security Advisory 2023-0769-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Red Hat OpenShift Container Platform release 4.12.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total numb...
Red Hat Security Advisory 2023-0691-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an out of bounds read vulnerability.
Red Hat Security Advisory 2023-0685-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an out of bounds read vulnerability.
Red Hat Security Advisory 2023-0688-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an out of bounds read vulnerability.
Red Hat Security Advisory 2023-0689-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an out of bounds read vulnerability.
Red Hat Security Advisory 2023-0687-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an out of bounds read vulnerability.
An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4337: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service. * CVE-2022-4338: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow.
An update for openvswitch2.13 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4337: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service. * CVE-2022-4338: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow.
An update for openvswitch2.16 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4337: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service. * CVE-2022-4338: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow.
An update for openvswitch2.17 is now available for Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4337: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service. * CVE-2022-4338: A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow.
Debian Linux Security Advisory 5319-1 - Two vulnerabilities were discovered in the LLDP implementation of Open vSwitch, a software-based Ethernet virtual switch, which could result in denial of service.
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.