Date: Mon, 21 Jul 2014 07:53:39 -0400 From: Tristan Cacqueray <tristan.cacqueray@...vance.com> To: oss-security@...ts.openwall.com Subject: [OSSA 2014-025] Denial of Service in Neutron allowed address pair (CVE-2014-3555) OpenStack Security Advisory: 2014-025 CVE: CVE-2014-3555 Date: July 17, 2014 Title: Denial of Service in Neutron allowed address pair Reporter: Liping Mao (Cisco) Products: Neutron Versions: up to 2013.2.3, and 2014.1 versions up to 2014.1.1 Description: Liping Mao from Cisco reported a denial of service vulnerability in Neutron's handling of allowed address pair. By creating a large number of allowed address pairs, an authenticated user may overwhelm neutron firewall rules and render compute nodes unusable. All Neutron setups are affected. Juno (development branch) fix: https://review.openstack.org/107734 Icehouse fix: https://review.openstack.org/107733 Havana fix: https://review.openstack.org/107731 Notes: This fix will be included in the Juno-2 development milestone and in future 2013.2.4 and 2014.1.2 releases. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3555 https://launchpad.net/bugs/1336207 -- Tristan Cacqueray OpenStack Vulnerability Management Team Download attachment "signature.asc" of type "application/pgp-signature" (539 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ