Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 10 Dec 2014 14:41:51 -0500
From: Tristan Cacqueray <>
Subject: [OSSA 2014-039.1] Neutron DoS through invalid DNS configuration (CVE-2014-7821)

OpenStack Security Advisory: 2014-039 (ERRATA 1)
CVE: CVE-2014-7821
Date: December 10, 2014
Title: Neutron DoS through invalid DNS configuration
Reporter: Henry Yamauchi, Charles Neill and Michael Xin (Rackspace)
Products: Neutron
Versions: up to 2014.1.3 and 2014.2

Henry Yamauchi, Charles Neill and Michael Xin from Rackspace reported
a vulnerability in Neutron. By configuring a maliciously crafted
dns_nameservers an authenticated user may crash Neutron service
resulting in a denial of service attack. All Neutron setups are affected.

The former fix did not take into account the usage of hostnames as
nameserver and caused a regression for this use-case. This update
provides an additional fix for that issue.

Kilo (development branch) fixes: (original) (errata)

Juno fixes: (original) (errata)

Icehouse fixes: (original) (errata)

These fixes are included in the 2014.2.1 release and will be included in
a future 2014.1.4 release.


OSSA History:
2014-12-10 - Errata 1
2014-11-19 - Original Version

Tristan Cacqueray
OpenStack Vulnerability Management Team

Download attachment "signature.asc" of type "application/pgp-signature" (539 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.