RHSA-2023:1769: Red Hat Security Advisory: openvswitch2.17 security update

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a non-zero IP protocol that match this dp flow.
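
A simplified model of the flaw described above, added here as an illustration: it is not Open vSwitch code, and every name in it (dp_flow, translate, the ToS-setting rule, the addresses) is hypothetical. It shows a protocol-0 packet installing a cached flow with nw_proto wildcarded and no header-modifying action, and a later TCP packet inheriting that flow; matching nw_proto exactly is an assumed correction, shown for contrast.

```c
/* Simplified model of the advisory's description; not OVS code, names hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define NEW_TOS 0x20   /* assumed rule: "ip,nw_dst=D" -> set ToS to NEW_TOS */

struct pkt { uint32_t dst; uint8_t proto; uint8_t tos; };

struct dp_flow {            /* one cached datapath flow */
    bool installed; uint32_t dst;
    bool proto_wildcarded;  /* true: matches every IP protocol */
    uint8_t proto;
    bool set_tos;           /* the action that modifies the IP header */
};

/* Slow path: build the datapath flow from the first packet seen. */
static struct dp_flow translate(const struct pkt *p, bool wildcard_proto)
{
    struct dp_flow f = { true, p->dst, wildcard_proto, p->proto, false };
    f.set_tos = (p->proto != 0);   /* modelled flaw: action omitted for proto 0 */
    return f;
}

static bool matches(const struct dp_flow *f, const struct pkt *p)
{
    return f->installed && f->dst == p->dst
        && (f->proto_wildcarded || f->proto == p->proto);
}

/* Fast path: reuse the cached flow on a hit, else translate and install. */
static void datapath(struct dp_flow *cache, struct pkt *p, bool wildcard_proto)
{
    if (!matches(cache, p))
        *cache = translate(p, wildcard_proto);
    if (cache->set_tos)
        p->tos = NEW_TOS;
}

/* Protocol-0 packet first, then TCP to the same address; returns the TCP ToS. */
uint8_t tcp_tos_after_proto0(bool wildcard_proto)
{
    struct dp_flow cache = { 0 };
    struct pkt first = { 0x0a000001, 0, 0 };  /* constructed: 10.0.0.1, proto 0 */
    struct pkt tcp = { 0x0a000001, 6, 0 };    /* constructed: 10.0.0.1, TCP */
    datapath(&cache, &first, wildcard_proto);
    datapath(&cache, &tcp, wildcard_proto);
    return tcp.tos;
}

int main(void)
{
    printf("wildcarded: 0x%02x, exact: 0x%02x\n", tcp_tos_after_proto0(true), tcp_tos_after_proto0(false));
    return 0;
}
```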

Issued: 2023-04-13

Updated: 2023-04-13

RHSA-2023:1769 - Security Advisory

Synopsis

Moderate: openvswitch2.17 security update

Type/Severity

Security Advisory: Moderate

Topic

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat
Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

  • openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • [23.C RHEL-9] Fast Datapath Release (BZ#2177686)
  • [CT] Inner header of ICMP related traffic does not get DNATed (BZ#2178203)

Affected Products

  • Red Hat Enterprise Linux Fast Datapath 9 x86_64
  • Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 9 ppc64le
  • Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 9 s390x
  • Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 9 aarch64

Fixes

  • BZ - 2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling
  • BZ - 2177686 - [23.C RHEL-9] Fast Datapath Release
  • BZ - 2178203 - [CT] Inner header of ICMP related traffic does not get DNATed

Red Hat Enterprise Linux Fast Datapath 9

SRPM

openvswitch2.17-2.17.0-77.el9fdp.src.rpm

x86_64

openvswitch2.17-2.17.0-77.el9fdp.x86_64.rpm

openvswitch2.17-debuginfo-2.17.0-77.el9fdp.x86_64.rpm

openvswitch2.17-debugsource-2.17.0-77.el9fdp.x86_64.rpm

openvswitch2.17-devel-2.17.0-77.el9fdp.x86_64.rpm

openvswitch2.17-ipsec-2.17.0-77.el9fdp.x86_64.rpm

openvswitch2.17-test-2.17.0-77.el9fdp.noarch.rpm

python3-openvswitch2.17-2.17.0-77.el9fdp.x86_64.rpm

python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.x86_64.rpm

Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 9

SRPM

openvswitch2.17-2.17.0-77.el9fdp.src.rpm

ppc64le

openvswitch2.17-2.17.0-77.el9fdp.ppc64le.rpm

openvswitch2.17-debuginfo-2.17.0-77.el9fdp.ppc64le.rpm

openvswitch2.17-debugsource-2.17.0-77.el9fdp.ppc64le.rpm

openvswitch2.17-devel-2.17.0-77.el9fdp.ppc64le.rpm

openvswitch2.17-ipsec-2.17.0-77.el9fdp.ppc64le.rpm

openvswitch2.17-test-2.17.0-77.el9fdp.noarch.rpm

python3-openvswitch2.17-2.17.0-77.el9fdp.ppc64le.rpm

python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.ppc64le.rpm

Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 9

SRPM

openvswitch2.17-2.17.0-77.el9fdp.src.rpm

s390x

openvswitch2.17-2.17.0-77.el9fdp.s390x.rpm

openvswitch2.17-debuginfo-2.17.0-77.el9fdp.s390x.rpm

openvswitch2.17-debugsource-2.17.0-77.el9fdp.s390x.rpm

openvswitch2.17-devel-2.17.0-77.el9fdp.s390x.rpm

openvswitch2.17-ipsec-2.17.0-77.el9fdp.s390x.rpm

openvswitch2.17-test-2.17.0-77.el9fdp.noarch.rpm

python3-openvswitch2.17-2.17.0-77.el9fdp.s390x.rpm

python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.s390x.rpm

Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 9

SRPM

openvswitch2.17-2.17.0-77.el9fdp.src.rpm

aarch64

openvswitch2.17-2.17.0-77.el9fdp.aarch64.rpm

openvswitch2.17-debuginfo-2.17.0-77.el9fdp.aarch64.rpm

openvswitch2.17-debugsource-2.17.0-77.el9fdp.aarch64.rpm

openvswitch2.17-devel-2.17.0-77.el9fdp.aarch64.rpm

openvswitch2.17-ipsec-2.17.0-77.el9fdp.aarch64.rpm

openvswitch2.17-test-2.17.0-77.el9fdp.noarch.rpm

python3-openvswitch2.17-2.17.0-77.el9fdp.aarch64.rpm

python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.aarch64.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202311-16

Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.

Red Hat Security Advisory 2023-3491-01

Red Hat Security Advisory 2023-3491-01 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-6068-1

Ubuntu Security Notice 6068-1 - David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2023-1823-01

Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

RHSA-2023:1823: Red Hat Security Advisory: openvswitch2.13 security update

An update for openvswitch2.13 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...

RHSA-2023:1824: Red Hat Security Advisory: openvswitch2.15 security update

An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...

Debian Security Advisory 5387-1

Debian Linux Security Advisory 5387-1 - David Marchand discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.

Red Hat Security Advisory 2023-1765-01

Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1769-01

Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1766-01

Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Red Hat Security Advisory 2023-1770-01

Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

RHSA-2023:1770: Red Hat Security Advisory: openvswitch3.1 security update

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...

RHSA-2023:1765: Red Hat Security Advisory: openvswitch2.17 security update

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...

RHSA-2023:1766: Red Hat Security Advisory: openvswitch3.1 security update

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...

CVE-2023-1668: security - [ADVISORY] CVE-2023-1668: Open vSwitch: Remote traffic denial of service via crafted packets with IP proto 0

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a non-zero IP protocol that match this dp flow.