Summary: | <sys-cluster/neutron--{2013.2.3-r1, 2014.1-r2}: Neutron security groups bypass through invalid CIDR (CVE-2014-0187) (OSSA 2014-014) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2014/04/22/8 | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-04-22 15:00:11 UTC
Update on Links to status of Open CVE: https://bugs.launchpad.net/neutron/havana/+bug/1300785 Maintainers, please check looks like this was merged in on 5/6/2014 fixed in neutron-2013.2.3-r1 neutron-2014.1-r2, removing myself :D CVE-2014-0187 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0187): The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied. Maintainer(s), Thank you for your work. Versions no longer in the tree. No GLSA needed as there are no stable versions. |