Описание
Security update for openvswitch
This update for openvswitch fixes the following issues:
- CVE-2023-1668: Fixed remote traffic denial of service via crafted packets with IP proto 0 (bsc#1210054).
Список пакетов
SUSE Linux Enterprise Module for Legacy 15 SP5
libopenvswitch-2_14-0-2.14.2-150400.24.9.1
libovn-20_06-0-20.06.2-150400.24.9.1
openvswitch-2.14.2-150400.24.9.1
openvswitch-devel-2.14.2-150400.24.9.1
openvswitch-ipsec-2.14.2-150400.24.9.1
openvswitch-pki-2.14.2-150400.24.9.1
openvswitch-test-2.14.2-150400.24.9.1
openvswitch-vtep-2.14.2-150400.24.9.1
ovn-20.06.2-150400.24.9.1
ovn-central-20.06.2-150400.24.9.1
ovn-devel-20.06.2-150400.24.9.1
ovn-docker-20.06.2-150400.24.9.1
ovn-host-20.06.2-150400.24.9.1
ovn-vtep-20.06.2-150400.24.9.1
python3-ovs-2.14.2-150400.24.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
python3-ovs-2.14.2-150400.24.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
python3-ovs-2.14.2-150400.24.9.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
libopenvswitch-2_14-0-2.14.2-150400.24.9.1
libovn-20_06-0-20.06.2-150400.24.9.1
openvswitch-2.14.2-150400.24.9.1
openvswitch-devel-2.14.2-150400.24.9.1
openvswitch-ipsec-2.14.2-150400.24.9.1
openvswitch-pki-2.14.2-150400.24.9.1
openvswitch-test-2.14.2-150400.24.9.1
openvswitch-vtep-2.14.2-150400.24.9.1
ovn-20.06.2-150400.24.9.1
ovn-central-20.06.2-150400.24.9.1
ovn-devel-20.06.2-150400.24.9.1
ovn-docker-20.06.2-150400.24.9.1
ovn-host-20.06.2-150400.24.9.1
ovn-vtep-20.06.2-150400.24.9.1
python3-ovs-2.14.2-150400.24.9.1
openSUSE Leap 15.4
libopenvswitch-2_14-0-2.14.2-150400.24.9.1
libovn-20_06-0-20.06.2-150400.24.9.1
openvswitch-2.14.2-150400.24.9.1
openvswitch-devel-2.14.2-150400.24.9.1
openvswitch-doc-2.14.2-150400.24.9.1
openvswitch-ipsec-2.14.2-150400.24.9.1
openvswitch-pki-2.14.2-150400.24.9.1
openvswitch-test-2.14.2-150400.24.9.1
openvswitch-vtep-2.14.2-150400.24.9.1
ovn-20.06.2-150400.24.9.1
ovn-central-20.06.2-150400.24.9.1
ovn-devel-20.06.2-150400.24.9.1
ovn-doc-20.06.2-150400.24.9.1
ovn-docker-20.06.2-150400.24.9.1
ovn-host-20.06.2-150400.24.9.1
ovn-vtep-20.06.2-150400.24.9.1
python3-ovs-2.14.2-150400.24.9.1
openSUSE Leap 15.5
libopenvswitch-2_14-0-2.14.2-150400.24.9.1
libovn-20_06-0-20.06.2-150400.24.9.1
openvswitch-2.14.2-150400.24.9.1
openvswitch-devel-2.14.2-150400.24.9.1
openvswitch-doc-2.14.2-150400.24.9.1
openvswitch-ipsec-2.14.2-150400.24.9.1
openvswitch-pki-2.14.2-150400.24.9.1
openvswitch-test-2.14.2-150400.24.9.1
openvswitch-vtep-2.14.2-150400.24.9.1
ovn-20.06.2-150400.24.9.1
ovn-central-20.06.2-150400.24.9.1
ovn-devel-20.06.2-150400.24.9.1
ovn-doc-20.06.2-150400.24.9.1
ovn-docker-20.06.2-150400.24.9.1
ovn-host-20.06.2-150400.24.9.1
ovn-vtep-20.06.2-150400.24.9.1
python3-ovs-2.14.2-150400.24.9.1
Ссылки
- Link for SUSE-SU-2023:2296-1
- E-Mail link for SUSE-SU-2023:2296-1
- SUSE Security Ratings
- SUSE Bug 1210054
- SUSE CVE CVE-2023-1668 page
Описание
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
Затронутые продукты
SUSE Linux Enterprise Module for Legacy 15 SP5:libopenvswitch-2_14-0-2.14.2-150400.24.9.1
SUSE Linux Enterprise Module for Legacy 15 SP5:libovn-20_06-0-20.06.2-150400.24.9.1
SUSE Linux Enterprise Module for Legacy 15 SP5:openvswitch-2.14.2-150400.24.9.1
SUSE Linux Enterprise Module for Legacy 15 SP5:openvswitch-devel-2.14.2-150400.24.9.1
Ссылки
- CVE-2023-1668
- SUSE Bug 1210054