USN-6690-1: Open vSwitch vulnerabilities
12 March 2024
Several security issues were fixed in Open vSwitch.
Releases
Packages
- openvswitch - Ethernet virtual switch
Details
Timothy Redaelli and Haresh Khandelwal discovered that Open vSwitch
incorrectly handled certain crafted Geneve packets when hardware offloading
via the netlink path is enabled. A remote attacker could possibly use this
issue to cause Open vSwitch to crash, leading to a denial of service.
(CVE-2023-3966)
It was discovered that Open vSwitch incorrectly handled certain ICMPv6
Neighbor Advertisement packets. A remote attacker could possibly use this
issue to redirect traffic to arbitrary IP addresses. (CVE-2023-5366)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10
Ubuntu 22.04
Ubuntu 20.04
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References
Related notices
- USN-6514-1: openvswitch-common, openvswitch, openvswitch-switch, openvswitch-testcontroller, ovn-controller-vtep, python-openvswitch, python3-openvswitch, ovn-host, ovn-common, openvswitch-test, openvswitch-doc, openvswitch-pki, ovn-docker, openvswitch-switch-dpdk, ovn-central, openvswitch-vtep, openvswitch-source