Adds OSSA-2015-001

Related-Bug: #1399172 Change-Id: I135c9278bc97cd9d731675ac8d155f9a3b1a2f33
2015-01-15 20:50:58 +00:00 · 2015-01-15 20:50:58 +00:00 · 82756ab36e
parent 3ddd6ef25c
commit 82756ab36e
1 changed files with 49 additions and 0 deletions
--- a/ossa/OSSA-2015-001.yaml
+++ b/ossa/OSSA-2015-001.yaml
@ -0,0 +1,49 @@
+date: 2015-01-08
+
+id: OSSA-2015-001
+
+title: 'L3 agent denial of service with radvd 2.0+'
+
+description: 'Ihar Hrachyshka from Red Hat reported a vulnerability in Neutron. By
+    creating 8 routers and assigning each of them a non-provider ipv6
+    subnet, a malicious user may block router update processing for all
+    tenants, potentially resulting in a Denial of Service. Only Neutron
+    setups running with radvd 2.0+ are affected.'
+
+affected-products:
+
+  - product: neutron
+    version: 2014.2 version up to 2014.2.1
+
+vulnerabilities:
+
+  - cve-id: CVE-2014-8153
+
+reporters:
+
+  - name: 'Ihar Hrachyshka'
+    affiliation: Red Hat
+    reported:
+      - CVE-2014-8153
+
+issues:
+
+  links:
+    - https://launchpad.net/bugs/1399172
+
+  type: launchpad
+
+reviews:
+
+  kilo:
+    - https://review.openstack.org/138688
+
+  juno:
+    - https://review.openstack.org/141575
+
+  type: gerrit
+
+notes:
+  - 'This fix will be included in a future 2014.2.2 release.'
+  - 'The OSSA announce format for the 2015 advisories has been changed to RST.'
+