Adds OSSA-2019-001 (CVE-2019-9735)
Change-Id: I11ec9820642d1eca14517bd39e01b5e8581cda82 Related-Bug: #1818385
This commit is contained in:
parent
1c6a37aeb4
commit
a8c4ab769b
|
@ -0,0 +1,44 @@
|
|||
date: 2019-03-13
|
||||
|
||||
id: OSSA-2019-001
|
||||
|
||||
title: Unsupported dport option prevents applying security groups
|
||||
|
||||
description: >
|
||||
Erik Olof Gunnar Andersson with Blizzard Entertainment reported a
|
||||
vulnerability in Neutron's iptables firewall module. By setting a
|
||||
destination port in a security group rule along with a protocol
|
||||
which doesn't support that option (for example, VRRP), an
|
||||
authenticated user may block further application of security group
|
||||
rules for instances from any project/tenant on the compute hosts
|
||||
to which it's applied. Only deployments using the iptables
|
||||
security group driver are affected.
|
||||
|
||||
affected-products:
|
||||
- product: neutron
|
||||
version: '<10.0.8, >=11.0.0 <11.0.7, >=12.0.0 <12.0.6, >=13.0.0 <13.0.3'
|
||||
|
||||
vulnerabilities:
|
||||
- cve-id: CVE-2019-9735
|
||||
|
||||
reporters:
|
||||
- name: Erik Olof Gunnar Andersson
|
||||
affiliation: Blizzard Entertainment
|
||||
reported:
|
||||
- CVE-2019-9735
|
||||
|
||||
issues:
|
||||
links:
|
||||
- https://launchpad.net/bugs/1818385
|
||||
|
||||
reviews:
|
||||
ocata:
|
||||
- https://review.openstack.org/640791
|
||||
pike:
|
||||
- https://review.openstack.org/640790
|
||||
queens:
|
||||
- https://review.openstack.org/640702
|
||||
rocky:
|
||||
- https://review.openstack.org/640685
|
||||
stein:
|
||||
- https://review.openstack.org/640619
|
Loading…
Reference in New Issue