USN-6690-1: Open vSwitch vulnerabilities
12 March 2024
Several security issues were fixed in Open vSwitch.
Releases
Packages
- openvswitch - Ethernet virtual switch
Details
Timothy Redaelli and Haresh Khandelwal discovered that Open vSwitch
incorrectly handled certain crafted Geneve packets when hardware offloading
via the netlink path is enabled. A remote attacker could possibly use this
issue to cause Open vSwitch to crash, leading to a denial of service.
(CVE-2023-3966)
It was discovered that Open vSwitch incorrectly handled certain ICMPv6
Neighbor Advertisement packets. A remote attacker could possibly use this
issue to redirect traffic to arbitrary IP addresses. (CVE-2023-5366)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10
Ubuntu 22.04
Ubuntu 20.04
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References
Related notices
- USN-6514-1: openvswitch-testcontroller, openvswitch-vtep, ovn-controller-vtep, ovn-docker, openvswitch-common, ovn-central, python-openvswitch, openvswitch-doc, openvswitch-test, ovn-host, openvswitch-pki, openvswitch-source, openvswitch-switch, ovn-common, openvswitch, python3-openvswitch, openvswitch-switch-dpdk