Headline
RHSA-2023:1824: Red Hat Security Advisory: openvswitch2.15 security update
An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-04-18
Updated:
2023-04-18
RHSA-2023:1824 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: openvswitch2.15 security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Open vSwitch provides standard network bridging functions and support for
the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
- openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- [23.C RHEL-8] Fast Datapath Release (BZ#2184496)
Affected Products
- Red Hat Enterprise Linux Fast Datapath 8 x86_64
- Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8 ppc64le
- Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8 s390x
- Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8 aarch64
Fixes
- BZ - 2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling
- BZ - 2184496 - [23.C RHEL-8] Fast Datapath Release
Red Hat Enterprise Linux Fast Datapath 8
SRPM
openvswitch2.15-2.15.0-136.el8fdp.src.rpm
SHA-256: 4f94adb4f9b0ad227bb1292a7f6a2da93ada525c2c2e0b4308b3b21f04d07d03
x86_64
network-scripts-openvswitch2.15-2.15.0-136.el8fdp.x86_64.rpm
SHA-256: 7c97cbd12918a9da5af03a889021befa12b206de6452b58d8904b8189d9692b9
openvswitch2.15-2.15.0-136.el8fdp.x86_64.rpm
SHA-256: 474624a0a0de119824782240460af9ff7c2d77b2559b0f4e34c0a7a58a636805
openvswitch2.15-debuginfo-2.15.0-136.el8fdp.x86_64.rpm
SHA-256: ca18733f5c9b0532915fa05fac50177219876bee33d3ca32469952ddb18506d5
openvswitch2.15-debugsource-2.15.0-136.el8fdp.x86_64.rpm
SHA-256: 446cdea0383f4542678ff40e1052d65268f35491d1e13d3e097d900b3576e7bb
openvswitch2.15-devel-2.15.0-136.el8fdp.x86_64.rpm
SHA-256: 36197e75ae79d8e4235dde446ddbb6548018f925dde689847071e7dec4ffc5e2
openvswitch2.15-ipsec-2.15.0-136.el8fdp.x86_64.rpm
SHA-256: d934cc8bf24a7e36938ed470d0b451922949381f46d3d41046d3c3377e83514b
openvswitch2.15-test-2.15.0-136.el8fdp.noarch.rpm
SHA-256: 8dafff0e9f80ecc1b0ff58050b5d41f1f32d31a8472b5dcad31becfb92685370
python3-openvswitch2.15-2.15.0-136.el8fdp.x86_64.rpm
SHA-256: a65c2d1dd18bd5c19846ef6a26a30b6775d5db7361d0fc6a2af1f5ab493dfbdd
python3-openvswitch2.15-debuginfo-2.15.0-136.el8fdp.x86_64.rpm
SHA-256: ba2b3f5a74612db2ed636621608e0f6f8ed37ab3f4c050ef24fcea2277c5f539
Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8
SRPM
openvswitch2.15-2.15.0-136.el8fdp.src.rpm
SHA-256: 4f94adb4f9b0ad227bb1292a7f6a2da93ada525c2c2e0b4308b3b21f04d07d03
ppc64le
network-scripts-openvswitch2.15-2.15.0-136.el8fdp.ppc64le.rpm
SHA-256: 2b7338dcb5abc380bfcdaae715dd62e83b4d79e964d1a16565db890ed8fbee91
openvswitch2.15-2.15.0-136.el8fdp.ppc64le.rpm
SHA-256: 6e829b6f11509464343394fba21979575fc61968fa855ef3e4fb0dd88e5eca96
openvswitch2.15-debuginfo-2.15.0-136.el8fdp.ppc64le.rpm
SHA-256: c792d95b3d248804faf38404fd045ccf92fa3295aab2beaf71f1284258626077
openvswitch2.15-debugsource-2.15.0-136.el8fdp.ppc64le.rpm
SHA-256: 5d2acd082d624e8b9e4c19a7fc5502dbde3d5bc7367bca1d8c9ea77be22bec64
openvswitch2.15-devel-2.15.0-136.el8fdp.ppc64le.rpm
SHA-256: 7bd3596c5925971b7408f10d4f7c40524783d12f40a2b46adc59557e4d1defd8
openvswitch2.15-ipsec-2.15.0-136.el8fdp.ppc64le.rpm
SHA-256: a962b332a7f3e1354a01b6c79372b866a73ad76cd83237c86aa38d3779723f8c
openvswitch2.15-test-2.15.0-136.el8fdp.noarch.rpm
SHA-256: 8dafff0e9f80ecc1b0ff58050b5d41f1f32d31a8472b5dcad31becfb92685370
python3-openvswitch2.15-2.15.0-136.el8fdp.ppc64le.rpm
SHA-256: be26d7e9ac81bac3ab744e1d7db2b3af9c4a0dfcae8266f92aa5dde4c4715ca6
python3-openvswitch2.15-debuginfo-2.15.0-136.el8fdp.ppc64le.rpm
SHA-256: 032b36cda7fe40ef72e17ce4977a57a6b97e4288afc38ce190766b6fa4a28e9f
Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8
SRPM
openvswitch2.15-2.15.0-136.el8fdp.src.rpm
SHA-256: 4f94adb4f9b0ad227bb1292a7f6a2da93ada525c2c2e0b4308b3b21f04d07d03
s390x
network-scripts-openvswitch2.15-2.15.0-136.el8fdp.s390x.rpm
SHA-256: 8caa2bb2dbe92eebb9843e19a4b281c46e1ca1ed8d1ba51e18a5aa2bf7ca5f98
openvswitch2.15-2.15.0-136.el8fdp.s390x.rpm
SHA-256: c03774d4a768cb3e7f93237acf6f65f932fc03eecfd06b5618d715098fb72d91
openvswitch2.15-debuginfo-2.15.0-136.el8fdp.s390x.rpm
SHA-256: 0598877974f071f46237784fdd87a1b075f96017b3c7302bca9875f249dbf554
openvswitch2.15-debugsource-2.15.0-136.el8fdp.s390x.rpm
SHA-256: dda0f5a0edc10681ddcdf68e652ba92d36e647c69d807d0935a004ca700158f2
openvswitch2.15-devel-2.15.0-136.el8fdp.s390x.rpm
SHA-256: 320d4ee0ee0e879ab15c13b1f12eb2e483b011ab09a5d997f42bc6bc67763414
openvswitch2.15-ipsec-2.15.0-136.el8fdp.s390x.rpm
SHA-256: 7ed102520e266a770ec79db29a09048df87842bb562f390748a89410879736c7
openvswitch2.15-test-2.15.0-136.el8fdp.noarch.rpm
SHA-256: 8dafff0e9f80ecc1b0ff58050b5d41f1f32d31a8472b5dcad31becfb92685370
python3-openvswitch2.15-2.15.0-136.el8fdp.s390x.rpm
SHA-256: de1e1aa3c098d597501f9103e6deb031361595e50ea57e7fa41182f456bb48a9
python3-openvswitch2.15-debuginfo-2.15.0-136.el8fdp.s390x.rpm
SHA-256: dd9535ec2ed24f648ad4671c6f2dea48062e221c0382daa372f89e61851cad20
Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8
SRPM
openvswitch2.15-2.15.0-136.el8fdp.src.rpm
SHA-256: 4f94adb4f9b0ad227bb1292a7f6a2da93ada525c2c2e0b4308b3b21f04d07d03
aarch64
network-scripts-openvswitch2.15-2.15.0-136.el8fdp.aarch64.rpm
SHA-256: 653a8a85fd9ea4e97e513f35cbd42701bd64bb90046ad8318ed14272c9ba4efe
openvswitch2.15-2.15.0-136.el8fdp.aarch64.rpm
SHA-256: 0b975edc7c704f56b6ce88e1c52d2cafb07c29c925f8af73247d8d0937a91349
openvswitch2.15-debuginfo-2.15.0-136.el8fdp.aarch64.rpm
SHA-256: 08e2ff42a4672c8be1fe87888fd03972f28369ae683eee9399991ae50b9c4e85
openvswitch2.15-debugsource-2.15.0-136.el8fdp.aarch64.rpm
SHA-256: 7fd7b6b554b34ca43ddaf4cac437b4cafaafb36e87e3fa3f68dab57e93979e62
openvswitch2.15-devel-2.15.0-136.el8fdp.aarch64.rpm
SHA-256: fe237f5ac5d34974163157cfed246feae0fdd9fa8c50bd9a5d3864aa096802a6
openvswitch2.15-ipsec-2.15.0-136.el8fdp.aarch64.rpm
SHA-256: 8334e1c1a32152eae1bd04b96e11409f0c793a28a275f2002057ce9ceb392e72
openvswitch2.15-test-2.15.0-136.el8fdp.noarch.rpm
SHA-256: 8dafff0e9f80ecc1b0ff58050b5d41f1f32d31a8472b5dcad31becfb92685370
python3-openvswitch2.15-2.15.0-136.el8fdp.aarch64.rpm
SHA-256: 1fef536d241633ff8f801571f485756c2d28b2bb70f67ec7bb7b674fe095e02a
python3-openvswitch2.15-debuginfo-2.15.0-136.el8fdp.aarch64.rpm
SHA-256: 09fb3e595a36d1d049b341ec1a392e51e1687e65d4ea783beb4895da6402cfe2
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or poten...
Ubuntu Security Notice 6068-1 - David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Debian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.
Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.