Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:1824: Red Hat Security Advisory: openvswitch2.15 security update

An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#ibm

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2023-04-18

Updated:

2023-04-18

RHSA-2023:1824 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: openvswitch2.15 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

  • openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • [23.C RHEL-8] Fast Datapath Release (BZ#2184496)

Affected Products

  • Red Hat Enterprise Linux Fast Datapath 8 x86_64
  • Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8 ppc64le
  • Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8 s390x
  • Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8 aarch64

Fixes

  • BZ - 2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling
  • BZ - 2184496 - [23.C RHEL-8] Fast Datapath Release

Red Hat Enterprise Linux Fast Datapath 8

SRPM

openvswitch2.15-2.15.0-136.el8fdp.src.rpm

SHA-256: 4f94adb4f9b0ad227bb1292a7f6a2da93ada525c2c2e0b4308b3b21f04d07d03

x86_64

network-scripts-openvswitch2.15-2.15.0-136.el8fdp.x86_64.rpm

SHA-256: 7c97cbd12918a9da5af03a889021befa12b206de6452b58d8904b8189d9692b9

openvswitch2.15-2.15.0-136.el8fdp.x86_64.rpm

SHA-256: 474624a0a0de119824782240460af9ff7c2d77b2559b0f4e34c0a7a58a636805

openvswitch2.15-debuginfo-2.15.0-136.el8fdp.x86_64.rpm

SHA-256: ca18733f5c9b0532915fa05fac50177219876bee33d3ca32469952ddb18506d5

openvswitch2.15-debugsource-2.15.0-136.el8fdp.x86_64.rpm

SHA-256: 446cdea0383f4542678ff40e1052d65268f35491d1e13d3e097d900b3576e7bb

openvswitch2.15-devel-2.15.0-136.el8fdp.x86_64.rpm

SHA-256: 36197e75ae79d8e4235dde446ddbb6548018f925dde689847071e7dec4ffc5e2

openvswitch2.15-ipsec-2.15.0-136.el8fdp.x86_64.rpm

SHA-256: d934cc8bf24a7e36938ed470d0b451922949381f46d3d41046d3c3377e83514b

openvswitch2.15-test-2.15.0-136.el8fdp.noarch.rpm

SHA-256: 8dafff0e9f80ecc1b0ff58050b5d41f1f32d31a8472b5dcad31becfb92685370

python3-openvswitch2.15-2.15.0-136.el8fdp.x86_64.rpm

SHA-256: a65c2d1dd18bd5c19846ef6a26a30b6775d5db7361d0fc6a2af1f5ab493dfbdd

python3-openvswitch2.15-debuginfo-2.15.0-136.el8fdp.x86_64.rpm

SHA-256: ba2b3f5a74612db2ed636621608e0f6f8ed37ab3f4c050ef24fcea2277c5f539

Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8

SRPM

openvswitch2.15-2.15.0-136.el8fdp.src.rpm

SHA-256: 4f94adb4f9b0ad227bb1292a7f6a2da93ada525c2c2e0b4308b3b21f04d07d03

ppc64le

network-scripts-openvswitch2.15-2.15.0-136.el8fdp.ppc64le.rpm

SHA-256: 2b7338dcb5abc380bfcdaae715dd62e83b4d79e964d1a16565db890ed8fbee91

openvswitch2.15-2.15.0-136.el8fdp.ppc64le.rpm

SHA-256: 6e829b6f11509464343394fba21979575fc61968fa855ef3e4fb0dd88e5eca96

openvswitch2.15-debuginfo-2.15.0-136.el8fdp.ppc64le.rpm

SHA-256: c792d95b3d248804faf38404fd045ccf92fa3295aab2beaf71f1284258626077

openvswitch2.15-debugsource-2.15.0-136.el8fdp.ppc64le.rpm

SHA-256: 5d2acd082d624e8b9e4c19a7fc5502dbde3d5bc7367bca1d8c9ea77be22bec64

openvswitch2.15-devel-2.15.0-136.el8fdp.ppc64le.rpm

SHA-256: 7bd3596c5925971b7408f10d4f7c40524783d12f40a2b46adc59557e4d1defd8

openvswitch2.15-ipsec-2.15.0-136.el8fdp.ppc64le.rpm

SHA-256: a962b332a7f3e1354a01b6c79372b866a73ad76cd83237c86aa38d3779723f8c

openvswitch2.15-test-2.15.0-136.el8fdp.noarch.rpm

SHA-256: 8dafff0e9f80ecc1b0ff58050b5d41f1f32d31a8472b5dcad31becfb92685370

python3-openvswitch2.15-2.15.0-136.el8fdp.ppc64le.rpm

SHA-256: be26d7e9ac81bac3ab744e1d7db2b3af9c4a0dfcae8266f92aa5dde4c4715ca6

python3-openvswitch2.15-debuginfo-2.15.0-136.el8fdp.ppc64le.rpm

SHA-256: 032b36cda7fe40ef72e17ce4977a57a6b97e4288afc38ce190766b6fa4a28e9f

Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8

SRPM

openvswitch2.15-2.15.0-136.el8fdp.src.rpm

SHA-256: 4f94adb4f9b0ad227bb1292a7f6a2da93ada525c2c2e0b4308b3b21f04d07d03

s390x

network-scripts-openvswitch2.15-2.15.0-136.el8fdp.s390x.rpm

SHA-256: 8caa2bb2dbe92eebb9843e19a4b281c46e1ca1ed8d1ba51e18a5aa2bf7ca5f98

openvswitch2.15-2.15.0-136.el8fdp.s390x.rpm

SHA-256: c03774d4a768cb3e7f93237acf6f65f932fc03eecfd06b5618d715098fb72d91

openvswitch2.15-debuginfo-2.15.0-136.el8fdp.s390x.rpm

SHA-256: 0598877974f071f46237784fdd87a1b075f96017b3c7302bca9875f249dbf554

openvswitch2.15-debugsource-2.15.0-136.el8fdp.s390x.rpm

SHA-256: dda0f5a0edc10681ddcdf68e652ba92d36e647c69d807d0935a004ca700158f2

openvswitch2.15-devel-2.15.0-136.el8fdp.s390x.rpm

SHA-256: 320d4ee0ee0e879ab15c13b1f12eb2e483b011ab09a5d997f42bc6bc67763414

openvswitch2.15-ipsec-2.15.0-136.el8fdp.s390x.rpm

SHA-256: 7ed102520e266a770ec79db29a09048df87842bb562f390748a89410879736c7

openvswitch2.15-test-2.15.0-136.el8fdp.noarch.rpm

SHA-256: 8dafff0e9f80ecc1b0ff58050b5d41f1f32d31a8472b5dcad31becfb92685370

python3-openvswitch2.15-2.15.0-136.el8fdp.s390x.rpm

SHA-256: de1e1aa3c098d597501f9103e6deb031361595e50ea57e7fa41182f456bb48a9

python3-openvswitch2.15-debuginfo-2.15.0-136.el8fdp.s390x.rpm

SHA-256: dd9535ec2ed24f648ad4671c6f2dea48062e221c0382daa372f89e61851cad20

Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8

SRPM

openvswitch2.15-2.15.0-136.el8fdp.src.rpm

SHA-256: 4f94adb4f9b0ad227bb1292a7f6a2da93ada525c2c2e0b4308b3b21f04d07d03

aarch64

network-scripts-openvswitch2.15-2.15.0-136.el8fdp.aarch64.rpm

SHA-256: 653a8a85fd9ea4e97e513f35cbd42701bd64bb90046ad8318ed14272c9ba4efe

openvswitch2.15-2.15.0-136.el8fdp.aarch64.rpm

SHA-256: 0b975edc7c704f56b6ce88e1c52d2cafb07c29c925f8af73247d8d0937a91349

openvswitch2.15-debuginfo-2.15.0-136.el8fdp.aarch64.rpm

SHA-256: 08e2ff42a4672c8be1fe87888fd03972f28369ae683eee9399991ae50b9c4e85

openvswitch2.15-debugsource-2.15.0-136.el8fdp.aarch64.rpm

SHA-256: 7fd7b6b554b34ca43ddaf4cac437b4cafaafb36e87e3fa3f68dab57e93979e62

openvswitch2.15-devel-2.15.0-136.el8fdp.aarch64.rpm

SHA-256: fe237f5ac5d34974163157cfed246feae0fdd9fa8c50bd9a5d3864aa096802a6

openvswitch2.15-ipsec-2.15.0-136.el8fdp.aarch64.rpm

SHA-256: 8334e1c1a32152eae1bd04b96e11409f0c793a28a275f2002057ce9ceb392e72

openvswitch2.15-test-2.15.0-136.el8fdp.noarch.rpm

SHA-256: 8dafff0e9f80ecc1b0ff58050b5d41f1f32d31a8472b5dcad31becfb92685370

python3-openvswitch2.15-2.15.0-136.el8fdp.aarch64.rpm

SHA-256: 1fef536d241633ff8f801571f485756c2d28b2bb70f67ec7bb7b674fe095e02a

python3-openvswitch2.15-debuginfo-2.15.0-136.el8fdp.aarch64.rpm

SHA-256: 09fb3e595a36d1d049b341ec1a392e51e1687e65d4ea783beb4895da6402cfe2

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

RHSA-2023:3491: Red Hat Security Advisory: Red Hat Virtualization Host 4.4.z SP 1 security update

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or poten...

Ubuntu Security Notice USN-6068-1

Ubuntu Security Notice 6068-1 - David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2023-1823-01

Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Debian Security Advisory 5387-1

Debian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.

Red Hat Security Advisory 2023-1765-01

Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1769-01

Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1766-01

Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1770-01

Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

RHSA-2023:1770: Red Hat Security Advisory: openvswitch3.1 security update

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...

RHSA-2023:1769: Red Hat Security Advisory: openvswitch2.17 security update

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...

RHSA-2023:1766: Red Hat Security Advisory: openvswitch3.1 security update

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...

CVE-2023-1668: security - [ADVISORY] CVE-2023-1668: Open vSwitch: Remote traffic denial of service via crafted packets with IP proto 0

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.