Date: Mon, 21 Jul 2014 07:53:39 -0400
From: Tristan Cacqueray <tristan.cacqueray@...vance.com>
To: oss-security@...ts.openwall.com
Subject: [OSSA 2014-025] Denial of Service in Neutron allowed address pair (CVE-2014-3555)

OpenStack Security Advisory: 2014-025
CVE: CVE-2014-3555
Date: July 17, 2014
Title: Denial of Service in Neutron allowed address pair
Reporter: Liping Mao (Cisco)
Products: Neutron
Versions: up to 2013.2.3, and 2014.1 versions up to 2014.1.1

Description:
Liping Mao from Cisco reported a denial of service vulnerability in
Neutron's handling of allowed address pair. By creating a large number
of allowed address pairs, an authenticated user may overwhelm neutron
firewall rules and render compute nodes unusable. All Neutron setups
are affected.

Juno (development branch) fix:
https://review.openstack.org/107734

Icehouse fix:
https://review.openstack.org/107733

Havana fix:
https://review.openstack.org/107731

Notes:
This fix will be included in the Juno-2 development milestone and in
future 2013.2.4 and 2014.1.2 releases.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3555
https://launchpad.net/bugs/1336207

--
Tristan Cacqueray
OpenStack Vulnerability Management Team