Merge "Add OSSA-2021-001 (CVE-2021-20267)"
This commit is contained in:
commit
a869f795e8
|
@ -0,0 +1,67 @@
|
|||
date: 2021-07-08
|
||||
|
||||
id: OSSA-2021-001
|
||||
|
||||
title: Anti-spoofing bypass for Open vSwitch networks
|
||||
|
||||
description: >
|
||||
David Sinquin with Gandi.net reported a vulnerability in Neutron's default
|
||||
Open vSwitch firewall rules. By sending carefully crafted packets, anyone in
|
||||
control of a server instance connected to the virtual switch can impersonate
|
||||
the IPv6 addresses of other systems on the network, resulting in denial of
|
||||
service or in some cases possibly interception of traffic intended for other
|
||||
destinations. Only deployments using the Open vSwitch driver are affected.
|
||||
|
||||
affected-products:
|
||||
- product: Neutron
|
||||
version: '<16.3.3, >=17.0.0 <17.1.3, =18.0.0'
|
||||
|
||||
vulnerabilities:
|
||||
- cve-id: CVE-2021-20267
|
||||
|
||||
reporters:
|
||||
- name: David Sinquin
|
||||
affiliation: Gandi.net
|
||||
reported:
|
||||
- CVE-2021-20267
|
||||
|
||||
issues:
|
||||
links:
|
||||
- https://launchpad.net/bugs/1902917
|
||||
|
||||
reviews:
|
||||
xena:
|
||||
- https://review.opendev.org/783743
|
||||
|
||||
wallaby:
|
||||
- https://review.opendev.org/776599
|
||||
- https://review.opendev.org/791464
|
||||
|
||||
victoria:
|
||||
- https://review.opendev.org/777783
|
||||
- https://review.opendev.org/791465
|
||||
|
||||
ussuri:
|
||||
- https://review.opendev.org/777784
|
||||
- https://review.opendev.org/791467
|
||||
|
||||
train:
|
||||
- https://review.opendev.org/777785
|
||||
- https://review.opendev.org/791468
|
||||
|
||||
stein:
|
||||
- https://review.opendev.org/777872
|
||||
- https://review.opendev.org/791500
|
||||
|
||||
rocky:
|
||||
- https://review.opendev.org/777786
|
||||
- https://review.opendev.org/791469
|
||||
|
||||
queens:
|
||||
- https://review.opendev.org/777873
|
||||
- https://review.opendev.org/791470
|
||||
|
||||
notes:
|
||||
- The stable/train, stable/stein, stable/rocky, and stable/queens branches
|
||||
are under extended maintenance and will receive no new point releases, but
|
||||
patches for them are provided as a courtesy.
|
Loading…
Reference in New Issue