From ${URL} : Title: Neutron IPTables firewall anti-spoof protection bypass Reporter: Romain Aviolat (Nagravision) and Dustin Lundquist (Blue Box Group, Inc) Products: Neutron Affects: <=7.0.4, >=8.0.0 <=8.1.0 Description: Romain Aviolat from Nagravision and Dustin Lundquist from Blue Box Group, Inc independently reported vulnerabilities in Neutron anti-spoof protection. By forging DHCP discovery messages or non-IP traffic, such as ARP or ICMPv6, an instance may spoof IP or MAC source addresses on attached networks resulting in denial of services and/or traffic interception. Moreover when L2population isn't used, other tenants attached to a shared network are also vulnerable. Neutron setups using the IPTables firewall driver are affected. References: https://bugs.launchpad.net/bugs/1502933 (icmpv6) https://bugs.launchpad.net/bugs/1558658 (mac, dhcp) @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
@ Security: Please vote!
GLSA Vote: No