Synopsis

Moderate: openvswitch security, bug fix and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update for openvswitch is now available in Fast Datapath for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

• dpdk: librte_vhost Interger overflow in vhost_user_set_log_base() (CVE-2020-10722)
  
• dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair() (CVE-2020-10723)
  

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• OVS causing high pings and latency inside guest VM when an active DPDK port fails (BZ#1822198)
  
• SEGV after recirculation in batch processing in vswitchd 2.9.0 (BZ#1826886)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Fast Datapath 7 x86_64
• Red Hat Virtualization - Extended Update Support 4.2 for RHEL 7.6 x86_64
• Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 7 ppc64le
• Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 7 s390x

Fixes

• BZ - 1822198 - OVS causing high pings and latency inside guest VM when an active DPDK port fails
• BZ - 1826886 - SEGV after recirculation in batch processing in vswitchd 2.9.0
• BZ - 1828867 - CVE-2020-10722 dpdk: librte_vhost Interger overflow in vhost_user_set_log_base()
• BZ - 1828874 - CVE-2020-10723 dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()

CVEs

• CVE-2020-10722
• CVE-2020-10723

References

• https://access.redhat.com/security/updates/classification/#moderate

Red Hat Enterprise Linux Fast Datapath 7

SRPM
openvswitch-2.9.0-130.el7fdp.src.rpm	SHA-256: 32bee9af036303fcba5ec929fbeb682c2c0620bf0db6634592a4970f0bd52dd1
x86_64
openvswitch-2.9.0-130.el7fdp.x86_64.rpm	SHA-256: c15c5f0ad1b7c61df19e2759be11852b0053f4c176a08842800cb47fe1e336cb
openvswitch-debuginfo-2.9.0-130.el7fdp.x86_64.rpm	SHA-256: f739e4b4f66759e69cd97cb4c2b7336b49a8663e8e7d37c3489e91d5e7186cd2
openvswitch-devel-2.9.0-130.el7fdp.x86_64.rpm	SHA-256: 62f000c3dacca54d3fd7d2ab0f36824adcade71ffabb4c2a63f8be57af42a56b
openvswitch-ovn-central-2.9.0-130.el7fdp.x86_64.rpm	SHA-256: 8584e994ff8230bdcdffff4bd46a4015fc4280bdd7cac8a61b530696ee875c4b
openvswitch-ovn-common-2.9.0-130.el7fdp.x86_64.rpm	SHA-256: 431a5b708a9536d070940558423474e1e6dcb6f00262b76b68b108e93f08283b
openvswitch-ovn-host-2.9.0-130.el7fdp.x86_64.rpm	SHA-256: e75d53e03f790fd811f5a8cf03e47e05232952c633a0d7f61207e41359a61623
openvswitch-ovn-vtep-2.9.0-130.el7fdp.x86_64.rpm	SHA-256: 713caa476ece58074b58ee5954f1ae337f37f2530e16ba9e71bb215db48e194e
openvswitch-test-2.9.0-130.el7fdp.noarch.rpm	SHA-256: de79d26fb8614bd2608125ce7e5dd0146dee2e5e5c98ca46ecd11c1ee531a3ea
python-openvswitch-2.9.0-130.el7fdp.x86_64.rpm	SHA-256: 66b9aef348b5607ef966d52cf1e7605850044bb8a3fc4f5a5fa5592782c3300f

Red Hat Virtualization - Extended Update Support 4.2 for RHEL 7.6

SRPM
openvswitch-2.9.0-130.el7fdp.src.rpm	SHA-256: 32bee9af036303fcba5ec929fbeb682c2c0620bf0db6634592a4970f0bd52dd1
x86_64
openvswitch-2.9.0-130.el7fdp.x86_64.rpm	SHA-256: c15c5f0ad1b7c61df19e2759be11852b0053f4c176a08842800cb47fe1e336cb
openvswitch-debuginfo-2.9.0-130.el7fdp.x86_64.rpm	SHA-256: f739e4b4f66759e69cd97cb4c2b7336b49a8663e8e7d37c3489e91d5e7186cd2
openvswitch-devel-2.9.0-130.el7fdp.x86_64.rpm	SHA-256: 62f000c3dacca54d3fd7d2ab0f36824adcade71ffabb4c2a63f8be57af42a56b
openvswitch-ovn-common-2.9.0-130.el7fdp.x86_64.rpm	SHA-256: 431a5b708a9536d070940558423474e1e6dcb6f00262b76b68b108e93f08283b
openvswitch-ovn-host-2.9.0-130.el7fdp.x86_64.rpm	SHA-256: e75d53e03f790fd811f5a8cf03e47e05232952c633a0d7f61207e41359a61623
python-openvswitch-2.9.0-130.el7fdp.x86_64.rpm	SHA-256: 66b9aef348b5607ef966d52cf1e7605850044bb8a3fc4f5a5fa5592782c3300f

Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 7

SRPM
openvswitch-2.9.0-130.el7fdp.src.rpm	SHA-256: 32bee9af036303fcba5ec929fbeb682c2c0620bf0db6634592a4970f0bd52dd1
ppc64le
openvswitch-2.9.0-130.el7fdp.ppc64le.rpm	SHA-256: ca2d102b53a5ef91e1a9807910e6d9edcd19852bc343583adf6806accb862f3a
openvswitch-2.9.0-130.el7fdp.ppc64le.rpm	SHA-256: ca2d102b53a5ef91e1a9807910e6d9edcd19852bc343583adf6806accb862f3a
openvswitch-debuginfo-2.9.0-130.el7fdp.ppc64le.rpm	SHA-256: a1a9233014184d914f07f807c0924c7d20b8edbcfbff344ad167a5e40a65ee15
openvswitch-debuginfo-2.9.0-130.el7fdp.ppc64le.rpm	SHA-256: a1a9233014184d914f07f807c0924c7d20b8edbcfbff344ad167a5e40a65ee15
openvswitch-devel-2.9.0-130.el7fdp.ppc64le.rpm	SHA-256: 92874ffb6e989f18db52bdf0a7ae0536115a771643581cb77f323dcb3733f88d
openvswitch-devel-2.9.0-130.el7fdp.ppc64le.rpm	SHA-256: 92874ffb6e989f18db52bdf0a7ae0536115a771643581cb77f323dcb3733f88d
openvswitch-ovn-central-2.9.0-130.el7fdp.ppc64le.rpm	SHA-256: d9e0300fcbe117812af4b9810807ab9511964d28880f303cf5093482be934e0f
openvswitch-ovn-central-2.9.0-130.el7fdp.ppc64le.rpm	SHA-256: d9e0300fcbe117812af4b9810807ab9511964d28880f303cf5093482be934e0f
openvswitch-ovn-common-2.9.0-130.el7fdp.ppc64le.rpm	SHA-256: eb28256f3c0881fe9af5b4f895ccdfde51987d91815bb381f43a41284a3f4ddf
openvswitch-ovn-common-2.9.0-130.el7fdp.ppc64le.rpm	SHA-256: eb28256f3c0881fe9af5b4f895ccdfde51987d91815bb381f43a41284a3f4ddf
openvswitch-ovn-host-2.9.0-130.el7fdp.ppc64le.rpm	SHA-256: 98bec638d79b35447b38b3d1360b2d2bef093b4e3c7ffbb4544f02fd8e5dde7a
openvswitch-ovn-host-2.9.0-130.el7fdp.ppc64le.rpm	SHA-256: 98bec638d79b35447b38b3d1360b2d2bef093b4e3c7ffbb4544f02fd8e5dde7a
openvswitch-ovn-vtep-2.9.0-130.el7fdp.ppc64le.rpm	SHA-256: 9daef6d819b02d34a5b4e479a8d9623104641015f89565e0571373d85f225464
openvswitch-ovn-vtep-2.9.0-130.el7fdp.ppc64le.rpm	SHA-256: 9daef6d819b02d34a5b4e479a8d9623104641015f89565e0571373d85f225464
openvswitch-test-2.9.0-130.el7fdp.noarch.rpm	SHA-256: de79d26fb8614bd2608125ce7e5dd0146dee2e5e5c98ca46ecd11c1ee531a3ea
openvswitch-test-2.9.0-130.el7fdp.noarch.rpm	SHA-256: de79d26fb8614bd2608125ce7e5dd0146dee2e5e5c98ca46ecd11c1ee531a3ea
python-openvswitch-2.9.0-130.el7fdp.ppc64le.rpm	SHA-256: cb376293f82fb52498e0b423b5f3ebfef667be008334f682ebb1634c56c5721c
python-openvswitch-2.9.0-130.el7fdp.ppc64le.rpm	SHA-256: cb376293f82fb52498e0b423b5f3ebfef667be008334f682ebb1634c56c5721c

Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 7

SRPM
openvswitch-2.9.0-130.el7fdp.src.rpm	SHA-256: 32bee9af036303fcba5ec929fbeb682c2c0620bf0db6634592a4970f0bd52dd1
s390x
openvswitch-2.9.0-130.el7fdp.s390x.rpm	SHA-256: 8e555f8f41c8f56e24881e60c3e0553c880b15863c5819fc076198532dfad143
openvswitch-debuginfo-2.9.0-130.el7fdp.s390x.rpm	SHA-256: e29b602d1b1ecfc0be3354880b4bcce29a6a39b75fca7c1e49a6daeff3711b00
openvswitch-devel-2.9.0-130.el7fdp.s390x.rpm	SHA-256: d7250197de219683db25d77bbb8bbe1a703235333ce5fc4877464268e3bacb44
openvswitch-ovn-central-2.9.0-130.el7fdp.s390x.rpm	SHA-256: f3b24ec7ebe55b043b3800080fa1b7b465c8151100b2cfbb7c28d1e35fcf3067
openvswitch-ovn-common-2.9.0-130.el7fdp.s390x.rpm	SHA-256: 37f25f35e9abe4f841b792f8c652cf9b04f9f19303536f5b14a0cd5e7e35d562
openvswitch-ovn-host-2.9.0-130.el7fdp.s390x.rpm	SHA-256: 379a8a1848e42131b17cca43eda4b1c675a5b0f0783c9407c61f4c5d9cbe566e
openvswitch-ovn-vtep-2.9.0-130.el7fdp.s390x.rpm	SHA-256: 932ef8c8c64acc8581c921c7bb39f15f7a1bbef38701b529ef15189a8a0f7d4a
openvswitch-test-2.9.0-130.el7fdp.noarch.rpm	SHA-256: de79d26fb8614bd2608125ce7e5dd0146dee2e5e5c98ca46ecd11c1ee531a3ea
python-openvswitch-2.9.0-130.el7fdp.s390x.rpm	SHA-256: 549bee2a56467663b713b0adc3055b9f74fbf7694be1e3c774736dafbd8deabe