USN-6690-1: Open vSwitch vulnerabilities

Releases

• Ubuntu 23.10
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS

Packages

• openvswitch - Ethernet virtual switch

Details

Timothy Redaelli and Haresh Khandelwal discovered that Open vSwitch
incorrectly handled certain crafted Geneve packets when hardware offloading
via the netlink path is enabled. A remote attacker could possibly use this
issue to cause Open vSwitch to crash, leading to a denial of service.
(CVE-2023-3966)

It was discovered that Open vSwitch incorrectly handled certain ICMPv6
Neighbor Advertisement packets. A remote attacker could possibly use this
issue to redirect traffic to arbitrary IP addresses. (CVE-2023-5366)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10

• openvswitch-common - 3.2.2-0ubuntu0.23.10.1
• python3-openvswitch - 3.2.2-0ubuntu0.23.10.1

Ubuntu 22.04

• openvswitch-common - 2.17.9-0ubuntu0.22.04.1
• python3-openvswitch - 2.17.9-0ubuntu0.22.04.1

Ubuntu 20.04

• openvswitch-common - 2.13.8-0ubuntu1.4
• python3-openvswitch - 2.13.8-0ubuntu1.4

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

• CVE-2023-5366
• CVE-2023-3966

Related notices

• USN-6514-1: openvswitch-source, ovn-docker, openvswitch-common, openvswitch-doc, ovn-central, openvswitch-pki, openvswitch-vtep, openvswitch-switch, ovn-controller-vtep, python-openvswitch, python3-openvswitch, openvswitch-switch-dpdk, ovn-common, openvswitch-testcontroller, openvswitch, openvswitch-test, ovn-host