Headline
RHSA-2023:1770: Red Hat Security Advisory: openvswitch3.1 security update
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-04-13
Updated:
2023-04-13
RHSA-2023:1770 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: openvswitch3.1 security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat
Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
- openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- [23.C RHEL-9] Fast Datapath Release (BZ#2177688)
Affected Products
- Red Hat Enterprise Linux Fast Datapath 9 x86_64
- Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 9 ppc64le
- Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 9 s390x
- Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 9 aarch64
Fixes
- BZ - 2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling
- BZ - 2177688 - [23.C RHEL-9] Fast Datapath Release
Red Hat Enterprise Linux Fast Datapath 9
SRPM
openvswitch3.1-3.1.0-14.el9fdp.src.rpm
SHA-256: bd4870718372b8969bd0dc28118952510f02f4c14eea635159882a34e42205e9
x86_64
openvswitch3.1-3.1.0-14.el9fdp.x86_64.rpm
SHA-256: 88bd1e98ffbea0b08c6f9827b2eec3c99eeb88accf8fbf05b0a88ce159a07915
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.x86_64.rpm
SHA-256: 975732f42709ecbd51aa77f4ffef7155e5245483341989f482a747b2a63d8ad4
openvswitch3.1-debugsource-3.1.0-14.el9fdp.x86_64.rpm
SHA-256: b5892c39e411fedb28518d163baa58fda9a0bdb4aae130b1c7a9fe0f3b150a7a
openvswitch3.1-devel-3.1.0-14.el9fdp.x86_64.rpm
SHA-256: 9882d979e93de7aa33696cdcba9341fe5a2a256c048695ab5cf343c8ab8c49e6
openvswitch3.1-ipsec-3.1.0-14.el9fdp.x86_64.rpm
SHA-256: e487b94a9218e473435a827c5925ccd75e2ae6d568e6ff694dbea24fcecc65f7
openvswitch3.1-test-3.1.0-14.el9fdp.noarch.rpm
SHA-256: c93c1765855c79152d81f35aab3cdf52c222d6b2ed80953d65175788aba5aecb
python3-openvswitch3.1-3.1.0-14.el9fdp.x86_64.rpm
SHA-256: dbd209e5230019c9147453154d5f2f1ea397eaf99c4cb086432e3a73c3fdf5f0
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.x86_64.rpm
SHA-256: 69ab315ead67e0dbf7c2236b6cce571271049f3338591960774d7e40e7205bf0
Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 9
SRPM
openvswitch3.1-3.1.0-14.el9fdp.src.rpm
SHA-256: bd4870718372b8969bd0dc28118952510f02f4c14eea635159882a34e42205e9
ppc64le
openvswitch3.1-3.1.0-14.el9fdp.ppc64le.rpm
SHA-256: 32ae508ecd00849aea5db436d31d583d3f7adc4fcc5ffcdc946f75878d18a97f
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.ppc64le.rpm
SHA-256: accc79e8fc80cb33199bea244251aa4a6310bcd8eca3eb6b974fbc1978615b7e
openvswitch3.1-debugsource-3.1.0-14.el9fdp.ppc64le.rpm
SHA-256: 1e501a734340e27936d8b946010dd040ca695288528d409cf9d5780e041becd8
openvswitch3.1-devel-3.1.0-14.el9fdp.ppc64le.rpm
SHA-256: 31982e2bbb0795f2d364da48f75e57e60af861d0f08959a9432c8306fe3606c3
openvswitch3.1-ipsec-3.1.0-14.el9fdp.ppc64le.rpm
SHA-256: dd4c7351b5545a3348ce0b0355073d8cf977f34d8d6bbd47e4ff9af324b707ef
openvswitch3.1-test-3.1.0-14.el9fdp.noarch.rpm
SHA-256: c93c1765855c79152d81f35aab3cdf52c222d6b2ed80953d65175788aba5aecb
python3-openvswitch3.1-3.1.0-14.el9fdp.ppc64le.rpm
SHA-256: cc52f2391ef87cebbed52d7d48e1d02d2498ea5c60a087f3afc9fd92750eb006
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.ppc64le.rpm
SHA-256: 30579f02d4ca61cf663a84e3842ed2f84f460989beda93e05c42a71a64f37afe
Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 9
SRPM
openvswitch3.1-3.1.0-14.el9fdp.src.rpm
SHA-256: bd4870718372b8969bd0dc28118952510f02f4c14eea635159882a34e42205e9
s390x
openvswitch3.1-3.1.0-14.el9fdp.s390x.rpm
SHA-256: 9e8d322221d637ed771c54b732128748b8c7c114e8d93431e22bc562238abb49
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.s390x.rpm
SHA-256: b17c2f16383e5878e870f044b76cff55c6c1a97bea99560a0bf1cf41312924dc
openvswitch3.1-debugsource-3.1.0-14.el9fdp.s390x.rpm
SHA-256: f18d728aef292b70772c1404eb0f576ff39b672fa6e20b4b1efd2883b121402e
openvswitch3.1-devel-3.1.0-14.el9fdp.s390x.rpm
SHA-256: 2215e0a2916547ce5a08516c432232237eab5912c48201424457d39caf8a91f1
openvswitch3.1-ipsec-3.1.0-14.el9fdp.s390x.rpm
SHA-256: 2a40753eac5390d9fb0388475638f541950b75b6e5874fcc37e4d39898106d00
openvswitch3.1-test-3.1.0-14.el9fdp.noarch.rpm
SHA-256: c93c1765855c79152d81f35aab3cdf52c222d6b2ed80953d65175788aba5aecb
python3-openvswitch3.1-3.1.0-14.el9fdp.s390x.rpm
SHA-256: b9424c7b46c620b5df48813171c727c32b1165a2dba7c8aa2e805440db67dc6e
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.s390x.rpm
SHA-256: c2807255fe47981777c95e59fb105a66802606d33768778f6d3ac499b7a9691b
Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 9
SRPM
openvswitch3.1-3.1.0-14.el9fdp.src.rpm
SHA-256: bd4870718372b8969bd0dc28118952510f02f4c14eea635159882a34e42205e9
aarch64
openvswitch3.1-3.1.0-14.el9fdp.aarch64.rpm
SHA-256: 562767e6805c62e74b8bcc56db80a52c7e42880e27ec9155a5b9b3d4ef888935
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.aarch64.rpm
SHA-256: 3baf46be2663db57c15be49b0f19a521bb57ad9440b850cac931adad7196d877
openvswitch3.1-debugsource-3.1.0-14.el9fdp.aarch64.rpm
SHA-256: a90dd2c8e53f6c6727e2d791734bfaf6fb7061d69af204baad9ab67de1ea6125
openvswitch3.1-devel-3.1.0-14.el9fdp.aarch64.rpm
SHA-256: e2deb18b5a124a9f8e630d3d0fe9d85e07d4e9c7a71b7be040b2759dfd9e79a7
openvswitch3.1-ipsec-3.1.0-14.el9fdp.aarch64.rpm
SHA-256: 91f12945166a743c82bf05dde920d5d0dc4a2e5ddc70fab5e6f9dd423da4b787
openvswitch3.1-test-3.1.0-14.el9fdp.noarch.rpm
SHA-256: c93c1765855c79152d81f35aab3cdf52c222d6b2ed80953d65175788aba5aecb
python3-openvswitch3.1-3.1.0-14.el9fdp.aarch64.rpm
SHA-256: c0c61aa0bf7e812ca2a0427c5d688000e22a545336bcd8eb0db57d292f8b1295
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.aarch64.rpm
SHA-256: 44c2c821d4f0775c9607d06546cd30691186f3544e7024f764f9d8d98277265e
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.
Red Hat Security Advisory 2023-3491-01 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or poten...
Ubuntu Security Notice 6068-1 - David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...
An update for openvswitch2.13 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...
Debian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.
Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.