Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 8 Feb 2017 23:57:18 -0500
From: <cve-assign@...re.org>
To: <tyhicks@...onical.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<james.page@...ntu.com>, <security@...ntu.com>
Subject: Re: CVE Request: Nova-LXD incorrectly applied Neutron security group rules

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Neutron security group rules were not being applied to Nova-LXD
> instances due to improperly named veth pairs. This resulted in network
> traffic to/from external hosts being incorrectly allowed.
> 
> https://launchpad.net/bugs/1656847
> https://github.com/openstack/nova-lxd/commit/1b76cefb92081efa1e88cd8f330253f857028bd2

>> neutron security group rules not applied to nova-lxd containers

>> Ensure LXD veth host device is named correctly 

Use CVE-2017-5936.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYm/MjAAoJEHb/MwWLVhi2GfsP/11sv6xSUUNviPsH3inKCd0L
yb75QNWPa0PykxWpK5qz66Zp5Am9m334X80aXVl8coClws8NsTaTUg69i3XlmqVn
7wkq5l1osxF0cL1q9WVdjsCeMrhtej8Eu3OOyjCIcdcXRlEXYamNsNCumcl9t4ag
fUf5Zg0vDJGUG+JBAjjJV7RVYzOPV0R+U3kjVec/tm1XwHrpCnPQuA0YM3Nsb8f4
VnGaqjjQ+3Q5IGv913iWYFSSsYFNaSHonKhZsHyzSBq/J2w6Emc6IlKpckpld5on
p/ti9N9DaDMaA6FbAjB8iE1G1z7d78NtVYu38ldWN96VEme+QP0/GA2PgUbMtDo1
b6GT/hOkwYhoajRBUmhKZJy/JSGBIZzOB6WnZ7HRch73XZZzRIgoQIwqubWrZOoO
z3Y/68B1nyRdlUFx2dVg2F20WwVPFDfSsbddiEtPAKtjiEdPnqfp4hyFvtcFgZSJ
p1Vy0UbgPPYDOfnk4Jsqg9gUP2NKw4Hu/XuNVQmpKGz6pTMRuNIi5UPgEpwACMjI
3xvNZuzjVIpprJIv4khDTBYWTCNu6M0Jy9uK1xy4jhuu/Uni3cNCl8hUg644ijkE
S1m7Dsr5JwxAjgdhZYImJ1cV9eMJVC5NAJY3R/aDbQy5Orj6roVXQCwPgh9RKONC
wdqgZRIgubzEuTWAlACz
=jFpH
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ