OpenStack Networking (Neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.
A denial of service flaw was found in Neutron's handling of allowed address pairs. There was no enforced quota on the amount of allowed address pairs, possibly allowing a sufficiently authorized user to create such a large number of firewall rules as to impact performance, or potentially render a compute node unusable. (CVE-2014-3555)
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Liping Mao from Cisco as the original reporter.
All openstack-neutron users are advised to upgrade to these updated packages, which correct this issue.