Headline
RHSA-2023:1766: Red Hat Security Advisory: openvswitch3.1 security update
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-04-13
Updated:
2023-04-13
RHSA-2023:1766 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: openvswitch3.1 security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
- openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- [23.C RHEL-8] Fast Datapath Release (BZ#2177687)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Users of openvswitch3.1 are advised to upgrade to these updated packages, which fixes these bugs.
Affected Products
- Red Hat Enterprise Linux Fast Datapath 8 x86_64
- Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8 ppc64le
- Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8 s390x
- Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8 aarch64
Fixes
- BZ - 2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling
- BZ - 2177687 - [23.C RHEL-8] Fast Datapath Release
Red Hat Enterprise Linux Fast Datapath 8
SRPM
openvswitch3.1-3.1.0-17.el8fdp.src.rpm
SHA-256: 31fd72ce05f9a43d5661378cf61fde30041d9c1578eed66ca926477c051eea10
x86_64
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm
SHA-256: ee892c5d74de17c307943bdf7c4960155aae731cbe0a369f2cceef7c2b585f41
openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm
SHA-256: 1349865bc9d7087d89a49c8dc96ba45edd8b6adb851989a41f95c7e6ac471600
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.x86_64.rpm
SHA-256: 9215a8d947904c9189936467a513abb3484dab4a33692a09d6407ef36053baa4
openvswitch3.1-debugsource-3.1.0-17.el8fdp.x86_64.rpm
SHA-256: 2d5474d4bd1d586801aeaef5137976b564b1749f971db1aa86c91c36c1903f3b
openvswitch3.1-devel-3.1.0-17.el8fdp.x86_64.rpm
SHA-256: 1b200224cc6671cb5a089e91feafe6e8645ca3fd350b72a619d84139ceffa5a6
openvswitch3.1-ipsec-3.1.0-17.el8fdp.x86_64.rpm
SHA-256: 0622b2bb9491ae175fb776df9e2c5d9bfea85f323387e3278ddddf257ec99ef1
openvswitch3.1-test-3.1.0-17.el8fdp.noarch.rpm
SHA-256: f6ce32cde58b8deeea16e7fb59ef75ba56f19181ade9c305994f74787b32b526
python3-openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm
SHA-256: 43b692fac0abe54b837fcdbc2da88c73cb6df51a49e3b8a311cc2f3932acb2d4
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.x86_64.rpm
SHA-256: f7a752c2962e47e0a9ecc401858a7e03e9670e3df3c181f414add5a66d02c02e
Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 8
SRPM
openvswitch3.1-3.1.0-17.el8fdp.src.rpm
SHA-256: 31fd72ce05f9a43d5661378cf61fde30041d9c1578eed66ca926477c051eea10
ppc64le
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm
SHA-256: eac410049e53f2d9223b18837ee02c2e2b44d64e8335d3d5f35f6afacf93e171
openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm
SHA-256: b03a51fdb259e115122655ddce0af95dc4da13b6b94ad67cfefc9720400ebe94
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.ppc64le.rpm
SHA-256: 520e9c7218b562e10da888f2b4afcaa517f0bff9f90c1645237f0350efd3052d
openvswitch3.1-debugsource-3.1.0-17.el8fdp.ppc64le.rpm
SHA-256: 3a0f880c215ec02c207fefcc92251463e68def0710a986e3dbe92896685a2a25
openvswitch3.1-devel-3.1.0-17.el8fdp.ppc64le.rpm
SHA-256: 9a7d53c849f5c8a2d2c2c4f0ba2b5e119a4fa23f1c50b33a49cf6339abc083d3
openvswitch3.1-ipsec-3.1.0-17.el8fdp.ppc64le.rpm
SHA-256: 7f3829de9358d23d899049e2a764535f8501bb7a93e3bec53ef562fd0c3dfa81
openvswitch3.1-test-3.1.0-17.el8fdp.noarch.rpm
SHA-256: f6ce32cde58b8deeea16e7fb59ef75ba56f19181ade9c305994f74787b32b526
python3-openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm
SHA-256: 8be7afe0190c4471ecc0e2383a9ac0fb294dba8b82ee853b9fd305bf1293aa11
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.ppc64le.rpm
SHA-256: c571771da6ff95e5896df7172ca1248d3ba52baa0ad16573ce96795161038bda
Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 8
SRPM
openvswitch3.1-3.1.0-17.el8fdp.src.rpm
SHA-256: 31fd72ce05f9a43d5661378cf61fde30041d9c1578eed66ca926477c051eea10
s390x
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm
SHA-256: 682a24687d0445eec9f73aff9e9a0387ae1589a776381d60c7a3c5cb0a132da9
openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm
SHA-256: a8a954ac0a73407b607f74960fb7097d3d3f90721639ed364fdc764695776cb6
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.s390x.rpm
SHA-256: 3052c572ec1bbf43ef91b2d61ab7b3510124fe5c00d74abeeebb9c5939b8f17a
openvswitch3.1-debugsource-3.1.0-17.el8fdp.s390x.rpm
SHA-256: 7cb5851ae029e130835a7ab9d311f0ccf66fc702019088f2d879f6256c4e1c7b
openvswitch3.1-devel-3.1.0-17.el8fdp.s390x.rpm
SHA-256: 03a8a7bbfe9c7903cf9a8175ed1dd7ecda27d10a666fe671f4d98439133c9690
openvswitch3.1-ipsec-3.1.0-17.el8fdp.s390x.rpm
SHA-256: cebaf340a9c3dcb0ff9309a2b42db993b290097bbe0db1ea4b1e415d6bc5b3dc
openvswitch3.1-test-3.1.0-17.el8fdp.noarch.rpm
SHA-256: f6ce32cde58b8deeea16e7fb59ef75ba56f19181ade9c305994f74787b32b526
python3-openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm
SHA-256: 2bd61500fb6823c2781cb359d1648d7b11b9367b8e90ceaceddf684892c00277
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.s390x.rpm
SHA-256: af6057b051bc3c16f0be4836c2fe70337890c2e23987898b254df3e0b2462cc6
Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 8
SRPM
openvswitch3.1-3.1.0-17.el8fdp.src.rpm
SHA-256: 31fd72ce05f9a43d5661378cf61fde30041d9c1578eed66ca926477c051eea10
aarch64
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm
SHA-256: 8756315693d2bc8a28a260f5222678e38358201faac100fb093daa5ca3543d46
openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm
SHA-256: e418853af5353433e72ead732e6da1ffe0a24cff833afff24d8dfc3d3570a8ec
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.aarch64.rpm
SHA-256: b4243de683f526468c5e7a938124f0e35c1461e70490c34212d3924b75883c62
openvswitch3.1-debugsource-3.1.0-17.el8fdp.aarch64.rpm
SHA-256: 7d4f0f974623bd46a0a1a95878927c8a30e0dcc724657fd687489488990aee73
openvswitch3.1-devel-3.1.0-17.el8fdp.aarch64.rpm
SHA-256: b22818cb02f8c3d1d3b0e0b49e033467fceaa4bbcf98bc8f849c4720ffaad92f
openvswitch3.1-ipsec-3.1.0-17.el8fdp.aarch64.rpm
SHA-256: 4e4cbefe4f8105a2e9ea2ca0151c22d9f2c4e2d1926f26052e6a4ba6125c8e73
openvswitch3.1-test-3.1.0-17.el8fdp.noarch.rpm
SHA-256: f6ce32cde58b8deeea16e7fb59ef75ba56f19181ade9c305994f74787b32b526
python3-openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm
SHA-256: 21d0134ecf88aa4987e5b71ece80ab360ad462bd531e3ba7c58428ef7450a053
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.aarch64.rpm
SHA-256: 6a6005284a3b05ec0b6476ac34c2b7c2b05c1eee1518f8c26b1410359b0cd319
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.
Red Hat Security Advisory 2023-3491-01 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or poten...
Ubuntu Security Notice 6068-1 - David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...
An update for openvswitch2.13 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...
Debian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.
Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.