Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:1766: Red Hat Security Advisory: openvswitch3.1 security update

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#ibm

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2023-04-13

Updated:

2023-04-13

RHSA-2023:1766 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: openvswitch3.1 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

  • openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • [23.C RHEL-8] Fast Datapath Release (BZ#2177687)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Users of openvswitch3.1 are advised to upgrade to these updated packages, which fixes these bugs.

Affected Products

  • Red Hat Enterprise Linux Fast Datapath 8 x86_64
  • Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8 ppc64le
  • Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8 s390x
  • Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8 aarch64

Fixes

  • BZ - 2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling
  • BZ - 2177687 - [23.C RHEL-8] Fast Datapath Release

Red Hat Enterprise Linux Fast Datapath 8

SRPM

openvswitch3.1-3.1.0-17.el8fdp.src.rpm

SHA-256: 31fd72ce05f9a43d5661378cf61fde30041d9c1578eed66ca926477c051eea10

x86_64

network-scripts-openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm

SHA-256: ee892c5d74de17c307943bdf7c4960155aae731cbe0a369f2cceef7c2b585f41

openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm

SHA-256: 1349865bc9d7087d89a49c8dc96ba45edd8b6adb851989a41f95c7e6ac471600

openvswitch3.1-debuginfo-3.1.0-17.el8fdp.x86_64.rpm

SHA-256: 9215a8d947904c9189936467a513abb3484dab4a33692a09d6407ef36053baa4

openvswitch3.1-debugsource-3.1.0-17.el8fdp.x86_64.rpm

SHA-256: 2d5474d4bd1d586801aeaef5137976b564b1749f971db1aa86c91c36c1903f3b

openvswitch3.1-devel-3.1.0-17.el8fdp.x86_64.rpm

SHA-256: 1b200224cc6671cb5a089e91feafe6e8645ca3fd350b72a619d84139ceffa5a6

openvswitch3.1-ipsec-3.1.0-17.el8fdp.x86_64.rpm

SHA-256: 0622b2bb9491ae175fb776df9e2c5d9bfea85f323387e3278ddddf257ec99ef1

openvswitch3.1-test-3.1.0-17.el8fdp.noarch.rpm

SHA-256: f6ce32cde58b8deeea16e7fb59ef75ba56f19181ade9c305994f74787b32b526

python3-openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm

SHA-256: 43b692fac0abe54b837fcdbc2da88c73cb6df51a49e3b8a311cc2f3932acb2d4

python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.x86_64.rpm

SHA-256: f7a752c2962e47e0a9ecc401858a7e03e9670e3df3c181f414add5a66d02c02e

Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8

SRPM

openvswitch3.1-3.1.0-17.el8fdp.src.rpm

SHA-256: 31fd72ce05f9a43d5661378cf61fde30041d9c1578eed66ca926477c051eea10

ppc64le

network-scripts-openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm

SHA-256: eac410049e53f2d9223b18837ee02c2e2b44d64e8335d3d5f35f6afacf93e171

openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm

SHA-256: b03a51fdb259e115122655ddce0af95dc4da13b6b94ad67cfefc9720400ebe94

openvswitch3.1-debuginfo-3.1.0-17.el8fdp.ppc64le.rpm

SHA-256: 520e9c7218b562e10da888f2b4afcaa517f0bff9f90c1645237f0350efd3052d

openvswitch3.1-debugsource-3.1.0-17.el8fdp.ppc64le.rpm

SHA-256: 3a0f880c215ec02c207fefcc92251463e68def0710a986e3dbe92896685a2a25

openvswitch3.1-devel-3.1.0-17.el8fdp.ppc64le.rpm

SHA-256: 9a7d53c849f5c8a2d2c2c4f0ba2b5e119a4fa23f1c50b33a49cf6339abc083d3

openvswitch3.1-ipsec-3.1.0-17.el8fdp.ppc64le.rpm

SHA-256: 7f3829de9358d23d899049e2a764535f8501bb7a93e3bec53ef562fd0c3dfa81

openvswitch3.1-test-3.1.0-17.el8fdp.noarch.rpm

SHA-256: f6ce32cde58b8deeea16e7fb59ef75ba56f19181ade9c305994f74787b32b526

python3-openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm

SHA-256: 8be7afe0190c4471ecc0e2383a9ac0fb294dba8b82ee853b9fd305bf1293aa11

python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.ppc64le.rpm

SHA-256: c571771da6ff95e5896df7172ca1248d3ba52baa0ad16573ce96795161038bda

Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8

SRPM

openvswitch3.1-3.1.0-17.el8fdp.src.rpm

SHA-256: 31fd72ce05f9a43d5661378cf61fde30041d9c1578eed66ca926477c051eea10

s390x

network-scripts-openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm

SHA-256: 682a24687d0445eec9f73aff9e9a0387ae1589a776381d60c7a3c5cb0a132da9

openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm

SHA-256: a8a954ac0a73407b607f74960fb7097d3d3f90721639ed364fdc764695776cb6

openvswitch3.1-debuginfo-3.1.0-17.el8fdp.s390x.rpm

SHA-256: 3052c572ec1bbf43ef91b2d61ab7b3510124fe5c00d74abeeebb9c5939b8f17a

openvswitch3.1-debugsource-3.1.0-17.el8fdp.s390x.rpm

SHA-256: 7cb5851ae029e130835a7ab9d311f0ccf66fc702019088f2d879f6256c4e1c7b

openvswitch3.1-devel-3.1.0-17.el8fdp.s390x.rpm

SHA-256: 03a8a7bbfe9c7903cf9a8175ed1dd7ecda27d10a666fe671f4d98439133c9690

openvswitch3.1-ipsec-3.1.0-17.el8fdp.s390x.rpm

SHA-256: cebaf340a9c3dcb0ff9309a2b42db993b290097bbe0db1ea4b1e415d6bc5b3dc

openvswitch3.1-test-3.1.0-17.el8fdp.noarch.rpm

SHA-256: f6ce32cde58b8deeea16e7fb59ef75ba56f19181ade9c305994f74787b32b526

python3-openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm

SHA-256: 2bd61500fb6823c2781cb359d1648d7b11b9367b8e90ceaceddf684892c00277

python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.s390x.rpm

SHA-256: af6057b051bc3c16f0be4836c2fe70337890c2e23987898b254df3e0b2462cc6

Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8

SRPM

openvswitch3.1-3.1.0-17.el8fdp.src.rpm

SHA-256: 31fd72ce05f9a43d5661378cf61fde30041d9c1578eed66ca926477c051eea10

aarch64

network-scripts-openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm

SHA-256: 8756315693d2bc8a28a260f5222678e38358201faac100fb093daa5ca3543d46

openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm

SHA-256: e418853af5353433e72ead732e6da1ffe0a24cff833afff24d8dfc3d3570a8ec

openvswitch3.1-debuginfo-3.1.0-17.el8fdp.aarch64.rpm

SHA-256: b4243de683f526468c5e7a938124f0e35c1461e70490c34212d3924b75883c62

openvswitch3.1-debugsource-3.1.0-17.el8fdp.aarch64.rpm

SHA-256: 7d4f0f974623bd46a0a1a95878927c8a30e0dcc724657fd687489488990aee73

openvswitch3.1-devel-3.1.0-17.el8fdp.aarch64.rpm

SHA-256: b22818cb02f8c3d1d3b0e0b49e033467fceaa4bbcf98bc8f849c4720ffaad92f

openvswitch3.1-ipsec-3.1.0-17.el8fdp.aarch64.rpm

SHA-256: 4e4cbefe4f8105a2e9ea2ca0151c22d9f2c4e2d1926f26052e6a4ba6125c8e73

openvswitch3.1-test-3.1.0-17.el8fdp.noarch.rpm

SHA-256: f6ce32cde58b8deeea16e7fb59ef75ba56f19181ade9c305994f74787b32b526

python3-openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm

SHA-256: 21d0134ecf88aa4987e5b71ece80ab360ad462bd531e3ba7c58428ef7450a053

python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.aarch64.rpm

SHA-256: 6a6005284a3b05ec0b6476ac34c2b7c2b05c1eee1518f8c26b1410359b0cd319

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202311-16

Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.

Red Hat Security Advisory 2023-3491-01

Red Hat Security Advisory 2023-3491-01 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

RHSA-2023:3491: Red Hat Security Advisory: Red Hat Virtualization Host 4.4.z SP 1 security update

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or poten...

Ubuntu Security Notice USN-6068-1

Ubuntu Security Notice 6068-1 - David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2023-1823-01

Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

RHSA-2023:1824: Red Hat Security Advisory: openvswitch2.15 security update

An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...

RHSA-2023:1823: Red Hat Security Advisory: openvswitch2.13 security update

An update for openvswitch2.13 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...

Debian Security Advisory 5387-1

Debian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.

Red Hat Security Advisory 2023-1765-01

Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1769-01

Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1766-01

Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1770-01

Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

RHSA-2023:1770: Red Hat Security Advisory: openvswitch3.1 security update

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...

RHSA-2023:1765: Red Hat Security Advisory: openvswitch2.17 security update

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...

RHSA-2023:1769: Red Hat Security Advisory: openvswitch2.17 security update

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...

CVE-2023-1668: security - [ADVISORY] CVE-2023-1668: Open vSwitch: Remote traffic denial of service via crafted packets with IP proto 0

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.