Bug 680864 (CVE-2019-9735) - <sys-cluster/neutron-13.0.3: Unsupported dport option prevents applying security groups
Alias: CVE-2019-9735
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on:
Reported: 2019-03-18 15:54 UTC by Agostino Sarubbo
Modified: 2019-04-29 23:14 UTC

Description Agostino Sarubbo gentoo-dev 2019-03-18 15:54:18 UTC
From ${URL} :

OSSA-2019-001: Unsupported dport option prevents applying security groups

:Date: March 13, 2019
:CVE: CVE-2019-9735

- Neutron: <10.0.8, >=11.0.0 <11.0.7, >=12.0.0 <12.0.6, >=13.0.0 <13.0.3

Erik Olof Gunnar Andersson with Blizzard Entertainment reported a
vulnerability in Neutron's iptables firewall module. By setting a
destination port in a security group rule along with a protocol which
doesn't support that option (for example, VRRP), an authenticated user
may block further application of security group rules for instances
from any project/tenant on the compute hosts to which it's applied.
Only deployments using the iptables security group driver are

- (Ocata)
- (Pike)
- (Queens)
- (Rocky)
- (Stein)

- Erik Olof Gunnar Andersson from Blizzard Entertainment (CVE-2019-9735)


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
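
As an added example (not code from Neutron or from this bug report), the following Python audits security group rules for the condition the advisory describes: a port range set on a protocol that has no port option. It assumes rules are dicts with the Neutron API fields `protocol`, `port_range_min` and `port_range_max`, that the port-capable protocols are those whose iptables match provides `--dport` (tcp, udp, udplite, sctp, dccp), and that ICMP rules reuse the port fields for type and code; the sample rules are constructed.

```python
# Added example: flag security group rules that pair a port range with a
# protocol that has no port concept (the condition in OSSA-2019-001).

# Assumption: protocols whose iptables match extension provides --dport.
PORT_PROTOCOLS = {"tcp", "udp", "udplite", "sctp", "dccp"}
# Neutron reuses port_range_min/max as ICMP type/code, so ICMP is not flagged.
ICMP_PROTOCOLS = {"icmp", "icmpv6", "ipv6-icmp"}
# IANA protocol numbers for the names above; the API accepts either form.
NUMBER_TO_NAME = {
    "1": "icmp", "6": "tcp", "17": "udp", "33": "dccp",
    "58": "ipv6-icmp", "132": "sctp", "136": "udplite",
}


def normalize_protocol(protocol):
    """Lower-case the protocol and map known IANA numbers to names."""
    if protocol is None:
        return None
    name = str(protocol).strip().lower()
    return NUMBER_TO_NAME.get(name, name)


def sets_unsupported_port(rule):
    """True if the rule carries a port range its protocol cannot match on."""
    has_port = (rule.get("port_range_min") is not None
                or rule.get("port_range_max") is not None)
    if not has_port:
        return False
    proto = normalize_protocol(rule.get("protocol"))
    # A port with no protocol at all is reported too.
    return proto not in PORT_PROTOCOLS and proto not in ICMP_PROTOCOLS


def audit(rules):
    """Return the ids of rules that need review, in input order."""
    return [r["id"] for r in rules if sets_unsupported_port(r)]


# Constructed sample rules using Neutron API field names.
SAMPLE_RULES = [
    {"id": "sg-rule-1", "protocol": "tcp", "port_range_min": 22, "port_range_max": 22},
    {"id": "sg-rule-2", "protocol": "vrrp", "port_range_min": 1234, "port_range_max": 1234},
    {"id": "sg-rule-3", "protocol": 112, "port_range_min": 80, "port_range_max": 80},
    {"id": "sg-rule-4", "protocol": "icmp", "port_range_min": 8, "port_range_max": 0},
    {"id": "sg-rule-5", "protocol": "vrrp", "port_range_min": None, "port_range_max": None},
    {"id": "sg-rule-6", "protocol": "17", "port_range_min": 53, "port_range_max": 53},
]
```

On hosts that cannot be upgraded immediately, running such a check against exported rules identifies the entries to correct or delete before the iptables driver next applies them.
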
Comment 1 Larry the Git Cow gentoo-dev 2019-04-29 23:05:39 UTC
The bug has been referenced in the following commit(s):

commit cb3e22302fab7f9d4b5cb290e126458565ae2e34
Author:     Matthew Thode <>
AuthorDate: 2019-04-29 23:05:12 +0000
Commit:     Matthew Thode <>
CommitDate: 2019-04-29 23:05:27 +0000

    sys-cluster/neutron: 13.0.3 stable amd64/x86 with cleanup
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Matthew Thode <>

 sys-cluster/neutron/Manifest                 |   3 -
 sys-cluster/neutron/neutron-13.0.2-r1.ebuild | 231 ---------------------------
 sys-cluster/neutron/neutron-13.0.3.ebuild    |   2 +-
 3 files changed, 1 insertion(+), 235 deletions(-)
Comment 2 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2019-04-29 23:06:42 UTC
cleaned up, removing openstack/myself from cc, readd if needed