openvswitch: ip proto 0 triggers incorrect handling

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

RHEL 9 : openvswitch2.17 (RHSA-2023:1769)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1769 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixe...

RHEL 9 : openvswitch3.1 (RHSA-2023:1770)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1770 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixe...

RHEL 8 : openvswitch3.1 (RHSA-2023:1766)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1766 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixe...

DSA-5387-1 openvswitch - security update

Bulletin has no description...

Debian dla-3389 : liblldpctl-dev - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3389 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3389-1 [email protected]...

CVE-2023-1668

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

CVE-2023-1668

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

AZL-26031 CVE-2023-1668 affecting package openvswitch for versions less than 2.17.5-2

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

Design/Logic Flaw

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

CVE-2023-1668

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

CVE-2023-1668

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

CVE-2023-1668

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

CVE-2023-1668

CVE-2023-1668 — Open vSwitch (OVS) has a flaw where, when processing an IP packet with protocol 0, OVS installs a datapath flow whose action does not modify the IP header. This can cause a datapath rule matching all IP protocols (nw_proto wildcarded) to have an incorrect action, risking improper ...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openvswitch (SUSE-SU-2023:1795-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1795-1 advisory. - Open vSwitch aka openvswitch 2.11.0 through 2.15.0 has a use-after-free in decodeNXASTRAWENCAP...

SUSE-SU-2023:1795-1 Security update for openvswitch

This update for openvswitch fixes the following issues: - CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAWENCAP action bsc1188524. - CVE-2022-32166: Fixed a out of bounds read in minimaskequal bsc1203865...

CVE-2023-1668

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

CBL Mariner 2.0 Security Update: openvswitch (CVE-2019-25076)

The version of openvswitch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-25076 advisory. - The TSS Tuple Space Search algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attacke...

Denial Of Service (DoS)

openvswitch is vulnerable to Denial of Service DoS attacks. A memory leak occurs during userspace IP fragmentation processing, which allows an attacker to use this flaw to potentially exhaust available memory by keeping sending packet fragments, causing the application to crash...

Unbreakable Enterprise kernel security update

5.4.17-2136.317.5.3 - udf: Fix file corruption when appending just after end of preallocated extent Jan Kara Orabug: 35192150 - selftests/ftrace: Fix bash specific '==' operator Masami Hiramatsu Google Orabug: 35192150 - net: Fix unwanted sign extension in netdevstatstostats64 Felix Riemann Orabu...