Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:1770: Red Hat Security Advisory: openvswitch3.1 security update

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#ibm

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2023-04-13

Updated:

2023-04-13

RHSA-2023:1770 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: openvswitch3.1 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat
Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

  • openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • [23.C RHEL-9] Fast Datapath Release (BZ#2177688)

Affected Products

  • Red Hat Enterprise Linux Fast Datapath 9 x86_64
  • Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 9 ppc64le
  • Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 9 s390x
  • Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 9 aarch64

Fixes

  • BZ - 2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling
  • BZ - 2177688 - [23.C RHEL-9] Fast Datapath Release

Red Hat Enterprise Linux Fast Datapath 9

SRPM

openvswitch3.1-3.1.0-14.el9fdp.src.rpm

SHA-256: bd4870718372b8969bd0dc28118952510f02f4c14eea635159882a34e42205e9

x86_64

openvswitch3.1-3.1.0-14.el9fdp.x86_64.rpm

SHA-256: 88bd1e98ffbea0b08c6f9827b2eec3c99eeb88accf8fbf05b0a88ce159a07915

openvswitch3.1-debuginfo-3.1.0-14.el9fdp.x86_64.rpm

SHA-256: 975732f42709ecbd51aa77f4ffef7155e5245483341989f482a747b2a63d8ad4

openvswitch3.1-debugsource-3.1.0-14.el9fdp.x86_64.rpm

SHA-256: b5892c39e411fedb28518d163baa58fda9a0bdb4aae130b1c7a9fe0f3b150a7a

openvswitch3.1-devel-3.1.0-14.el9fdp.x86_64.rpm

SHA-256: 9882d979e93de7aa33696cdcba9341fe5a2a256c048695ab5cf343c8ab8c49e6

openvswitch3.1-ipsec-3.1.0-14.el9fdp.x86_64.rpm

SHA-256: e487b94a9218e473435a827c5925ccd75e2ae6d568e6ff694dbea24fcecc65f7

openvswitch3.1-test-3.1.0-14.el9fdp.noarch.rpm

SHA-256: c93c1765855c79152d81f35aab3cdf52c222d6b2ed80953d65175788aba5aecb

python3-openvswitch3.1-3.1.0-14.el9fdp.x86_64.rpm

SHA-256: dbd209e5230019c9147453154d5f2f1ea397eaf99c4cb086432e3a73c3fdf5f0

python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.x86_64.rpm

SHA-256: 69ab315ead67e0dbf7c2236b6cce571271049f3338591960774d7e40e7205bf0

Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 9

SRPM

openvswitch3.1-3.1.0-14.el9fdp.src.rpm

SHA-256: bd4870718372b8969bd0dc28118952510f02f4c14eea635159882a34e42205e9

ppc64le

openvswitch3.1-3.1.0-14.el9fdp.ppc64le.rpm

SHA-256: 32ae508ecd00849aea5db436d31d583d3f7adc4fcc5ffcdc946f75878d18a97f

openvswitch3.1-debuginfo-3.1.0-14.el9fdp.ppc64le.rpm

SHA-256: accc79e8fc80cb33199bea244251aa4a6310bcd8eca3eb6b974fbc1978615b7e

openvswitch3.1-debugsource-3.1.0-14.el9fdp.ppc64le.rpm

SHA-256: 1e501a734340e27936d8b946010dd040ca695288528d409cf9d5780e041becd8

openvswitch3.1-devel-3.1.0-14.el9fdp.ppc64le.rpm

SHA-256: 31982e2bbb0795f2d364da48f75e57e60af861d0f08959a9432c8306fe3606c3

openvswitch3.1-ipsec-3.1.0-14.el9fdp.ppc64le.rpm

SHA-256: dd4c7351b5545a3348ce0b0355073d8cf977f34d8d6bbd47e4ff9af324b707ef

openvswitch3.1-test-3.1.0-14.el9fdp.noarch.rpm

SHA-256: c93c1765855c79152d81f35aab3cdf52c222d6b2ed80953d65175788aba5aecb

python3-openvswitch3.1-3.1.0-14.el9fdp.ppc64le.rpm

SHA-256: cc52f2391ef87cebbed52d7d48e1d02d2498ea5c60a087f3afc9fd92750eb006

python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.ppc64le.rpm

SHA-256: 30579f02d4ca61cf663a84e3842ed2f84f460989beda93e05c42a71a64f37afe

Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 9

SRPM

openvswitch3.1-3.1.0-14.el9fdp.src.rpm

SHA-256: bd4870718372b8969bd0dc28118952510f02f4c14eea635159882a34e42205e9

s390x

openvswitch3.1-3.1.0-14.el9fdp.s390x.rpm

SHA-256: 9e8d322221d637ed771c54b732128748b8c7c114e8d93431e22bc562238abb49

openvswitch3.1-debuginfo-3.1.0-14.el9fdp.s390x.rpm

SHA-256: b17c2f16383e5878e870f044b76cff55c6c1a97bea99560a0bf1cf41312924dc

openvswitch3.1-debugsource-3.1.0-14.el9fdp.s390x.rpm

SHA-256: f18d728aef292b70772c1404eb0f576ff39b672fa6e20b4b1efd2883b121402e

openvswitch3.1-devel-3.1.0-14.el9fdp.s390x.rpm

SHA-256: 2215e0a2916547ce5a08516c432232237eab5912c48201424457d39caf8a91f1

openvswitch3.1-ipsec-3.1.0-14.el9fdp.s390x.rpm

SHA-256: 2a40753eac5390d9fb0388475638f541950b75b6e5874fcc37e4d39898106d00

openvswitch3.1-test-3.1.0-14.el9fdp.noarch.rpm

SHA-256: c93c1765855c79152d81f35aab3cdf52c222d6b2ed80953d65175788aba5aecb

python3-openvswitch3.1-3.1.0-14.el9fdp.s390x.rpm

SHA-256: b9424c7b46c620b5df48813171c727c32b1165a2dba7c8aa2e805440db67dc6e

python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.s390x.rpm

SHA-256: c2807255fe47981777c95e59fb105a66802606d33768778f6d3ac499b7a9691b

Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 9

SRPM

openvswitch3.1-3.1.0-14.el9fdp.src.rpm

SHA-256: bd4870718372b8969bd0dc28118952510f02f4c14eea635159882a34e42205e9

aarch64

openvswitch3.1-3.1.0-14.el9fdp.aarch64.rpm

SHA-256: 562767e6805c62e74b8bcc56db80a52c7e42880e27ec9155a5b9b3d4ef888935

openvswitch3.1-debuginfo-3.1.0-14.el9fdp.aarch64.rpm

SHA-256: 3baf46be2663db57c15be49b0f19a521bb57ad9440b850cac931adad7196d877

openvswitch3.1-debugsource-3.1.0-14.el9fdp.aarch64.rpm

SHA-256: a90dd2c8e53f6c6727e2d791734bfaf6fb7061d69af204baad9ab67de1ea6125

openvswitch3.1-devel-3.1.0-14.el9fdp.aarch64.rpm

SHA-256: e2deb18b5a124a9f8e630d3d0fe9d85e07d4e9c7a71b7be040b2759dfd9e79a7

openvswitch3.1-ipsec-3.1.0-14.el9fdp.aarch64.rpm

SHA-256: 91f12945166a743c82bf05dde920d5d0dc4a2e5ddc70fab5e6f9dd423da4b787

openvswitch3.1-test-3.1.0-14.el9fdp.noarch.rpm

SHA-256: c93c1765855c79152d81f35aab3cdf52c222d6b2ed80953d65175788aba5aecb

python3-openvswitch3.1-3.1.0-14.el9fdp.aarch64.rpm

SHA-256: c0c61aa0bf7e812ca2a0427c5d688000e22a545336bcd8eb0db57d292f8b1295

python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.aarch64.rpm

SHA-256: 44c2c821d4f0775c9607d06546cd30691186f3544e7024f764f9d8d98277265e

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202311-16

Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.

Red Hat Security Advisory 2023-3491-01

Red Hat Security Advisory 2023-3491-01 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

RHSA-2023:3491: Red Hat Security Advisory: Red Hat Virtualization Host 4.4.z SP 1 security update

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or poten...

Ubuntu Security Notice USN-6068-1

Ubuntu Security Notice 6068-1 - David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2023-1823-01

Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

RHSA-2023:1824: Red Hat Security Advisory: openvswitch2.15 security update

An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...

RHSA-2023:1823: Red Hat Security Advisory: openvswitch2.13 security update

An update for openvswitch2.13 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...

Debian Security Advisory 5387-1

Debian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.

Red Hat Security Advisory 2023-1765-01

Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1769-01

Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1766-01

Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1770-01

Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

RHSA-2023:1769: Red Hat Security Advisory: openvswitch2.17 security update

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...

RHSA-2023:1765: Red Hat Security Advisory: openvswitch2.17 security update

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...

RHSA-2023:1766: Red Hat Security Advisory: openvswitch3.1 security update

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...

CVE-2023-1668: security - [ADVISORY] CVE-2023-1668: Open vSwitch: Remote traffic denial of service via crafted packets with IP proto 0

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.