Headline
RHSA-2023:1769: Red Hat Security Advisory: openvswitch2.17 security update
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-04-13
Updated:
2023-04-13
RHSA-2023:1769 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: openvswitch2.17 security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat
Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
- openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- [23.C RHEL-9] Fast Datapath Release (BZ#2177686)
- [CT] Inner header of ICMP related traffic does not get DNATed (BZ#2178203)
Affected Products
- Red Hat Enterprise Linux Fast Datapath 9 x86_64
- Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 9 ppc64le
- Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 9 s390x
- Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 9 aarch64
Fixes
- BZ - 2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling
- BZ - 2177686 - [23.C RHEL-9] Fast Datapath Release
- BZ - 2178203 - [CT] Inner header of ICMP related traffic does not get DNATed
Red Hat Enterprise Linux Fast Datapath 9
SRPM
openvswitch2.17-2.17.0-77.el9fdp.src.rpm
SHA-256: ae287d6c93934d793b881bf2ed8869f98db3f521dc1af0a9a1441e9a97f713ac
x86_64
openvswitch2.17-2.17.0-77.el9fdp.x86_64.rpm
SHA-256: 2e01fea560624fc980a3e530c7ef5ae29573cdb737c0397002da55bb264dcf67
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.x86_64.rpm
SHA-256: c15e0a6d50b07c5656dfad30802e09de0c734aaacc997fe748ba4cfa3c735b29
openvswitch2.17-debugsource-2.17.0-77.el9fdp.x86_64.rpm
SHA-256: 718e7e42521638d896e29b31c9c3ea4bfe64e7a1828a5b27b2383134d9917095
openvswitch2.17-devel-2.17.0-77.el9fdp.x86_64.rpm
SHA-256: 828a6c40b5e6a6c01afdcdaf1f27b4eab8d5d3a7e18a854f80c6f3e32751894c
openvswitch2.17-ipsec-2.17.0-77.el9fdp.x86_64.rpm
SHA-256: d5dc44759edfc48050d35309387f579bd5e05bb438a283b265e5b6d4d62921bf
openvswitch2.17-test-2.17.0-77.el9fdp.noarch.rpm
SHA-256: 81b0513b67a38af6f7bad27ee2d96e3919bd6276303479a15a2764ec98a32810
python3-openvswitch2.17-2.17.0-77.el9fdp.x86_64.rpm
SHA-256: f5b9119240281f566bc00cbcab983f6dd123711571ce283923fbcf9f72bc92ac
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.x86_64.rpm
SHA-256: dd619188a159a5a621b4103b892ad22402571d777f004e494a3d5356d3cf6861
Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 9
SRPM
openvswitch2.17-2.17.0-77.el9fdp.src.rpm
SHA-256: ae287d6c93934d793b881bf2ed8869f98db3f521dc1af0a9a1441e9a97f713ac
ppc64le
openvswitch2.17-2.17.0-77.el9fdp.ppc64le.rpm
SHA-256: be81667afe923791d00b479e33057b22733392c38f12b23b5a7c52fb27a78abe
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.ppc64le.rpm
SHA-256: 035ee8c41f441de35bdc573bcd2c8116d3b12dd52c4e7bdd6dd09311c51ddec3
openvswitch2.17-debugsource-2.17.0-77.el9fdp.ppc64le.rpm
SHA-256: 8361d93c3a21a8b860bf1c64e3a61ad346681cc6f56ec50dd5edebfafcc85da9
openvswitch2.17-devel-2.17.0-77.el9fdp.ppc64le.rpm
SHA-256: eca1d673e7ec932f404ad28e167ecc97f33a864a8c7fc516e6d3075957815fb5
openvswitch2.17-ipsec-2.17.0-77.el9fdp.ppc64le.rpm
SHA-256: adb50d6c672faf4cb2ce7a97c8152f0d3d3dc45041cd32188f603c1c2d30199e
openvswitch2.17-test-2.17.0-77.el9fdp.noarch.rpm
SHA-256: 81b0513b67a38af6f7bad27ee2d96e3919bd6276303479a15a2764ec98a32810
python3-openvswitch2.17-2.17.0-77.el9fdp.ppc64le.rpm
SHA-256: 8d30d1072653a050e098d7d77e8968d4fc73fddcb387eb4985a00e772e4280c9
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.ppc64le.rpm
SHA-256: 80a54c121ab033611b2fb1f9fe831d7c025af5085b33df3a88eb0fba4d179bf2
Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 9
SRPM
openvswitch2.17-2.17.0-77.el9fdp.src.rpm
SHA-256: ae287d6c93934d793b881bf2ed8869f98db3f521dc1af0a9a1441e9a97f713ac
s390x
openvswitch2.17-2.17.0-77.el9fdp.s390x.rpm
SHA-256: 8688796dc4ac8ec861256d0c10e80335734f99ed818720f107dd9dd600cf4ee8
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.s390x.rpm
SHA-256: 35f66fa9885f15de8f5093da10f8810ec00877493d85372e36ab862ede5e1e5e
openvswitch2.17-debugsource-2.17.0-77.el9fdp.s390x.rpm
SHA-256: 01e35b4df6e372688d70283132dec8fabac9df92a5a6e775b3eaaf0ce621eec8
openvswitch2.17-devel-2.17.0-77.el9fdp.s390x.rpm
SHA-256: f9ecc122c8504a382e553607253b9ab06919b33eca6d65a53cab4d1015dd20b1
openvswitch2.17-ipsec-2.17.0-77.el9fdp.s390x.rpm
SHA-256: 25476fbd51f9f02b9e794cbe24347a038f1255570e122a3db1cfe3442cdfc231
openvswitch2.17-test-2.17.0-77.el9fdp.noarch.rpm
SHA-256: 81b0513b67a38af6f7bad27ee2d96e3919bd6276303479a15a2764ec98a32810
python3-openvswitch2.17-2.17.0-77.el9fdp.s390x.rpm
SHA-256: 0f7949a19d81fbe7646030a5ba17a20e903c5ce51dc35ab0fe83543a82eba21c
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.s390x.rpm
SHA-256: 170fa1811f88976ec7393d6bcdfd7682673e2d7cc62543f14152cb6b81131d3a
Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 9
SRPM
openvswitch2.17-2.17.0-77.el9fdp.src.rpm
SHA-256: ae287d6c93934d793b881bf2ed8869f98db3f521dc1af0a9a1441e9a97f713ac
aarch64
openvswitch2.17-2.17.0-77.el9fdp.aarch64.rpm
SHA-256: a7431ecf518ee87f6952e9ab83e8659194be9cb3df57b1c630a62ee9621d5e93
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.aarch64.rpm
SHA-256: b48dab702b10dc9fe6094de9797fc072f925e4e8f57faf8da41472d1c87f48a5
openvswitch2.17-debugsource-2.17.0-77.el9fdp.aarch64.rpm
SHA-256: 8e646a0884d2d40a5256a9edcf92373a83495ab07da98ae971d9e19be91c0ebd
openvswitch2.17-devel-2.17.0-77.el9fdp.aarch64.rpm
SHA-256: 00f829adc6d6f341a2f2c63977748952c62b839bdea96ef263015993e3f9e83a
openvswitch2.17-ipsec-2.17.0-77.el9fdp.aarch64.rpm
SHA-256: 80b803f7915e031a61b16f9eae774775ee157ee36d63c89dcafc419bf5aadbd0
openvswitch2.17-test-2.17.0-77.el9fdp.noarch.rpm
SHA-256: 81b0513b67a38af6f7bad27ee2d96e3919bd6276303479a15a2764ec98a32810
python3-openvswitch2.17-2.17.0-77.el9fdp.aarch64.rpm
SHA-256: be6be7ec7e3ad0a79e222be8e40dbee65c638dff2d7713af1a01c419d09e559b
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.aarch64.rpm
SHA-256: 4449a5b69e6bf7e1ef4c7da475b53fc1536ee79f540510996afab12d3096f7c5
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.
Red Hat Security Advisory 2023-3491-01 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
Ubuntu Security Notice 6068-1 - David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
An update for openvswitch2.13 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...
An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but...
Debian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.
Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...
An update for openvswitch2.17 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but ...
An update for openvswitch3.1 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but w...
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.