(RHSA-2014:1078) Moderate: openstack-neutron security update

2014-08-20T04:00:00
ID RHSA-2014:1078
Type redhat
Reporter RedHat
Modified 2018-06-07T02:47:47

Description

OpenStack Networking (Neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

A denial of service flaw was found in Neutron's handling of allowed address pairs. There was no enforced quota on the amount of allowed address pairs, possibly allowing a sufficiently authorized user to create such a large number of firewall rules as to impact performance, or potentially render a compute node unusable. (CVE-2014-3555)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Liping Mao from Cisco as the original reporter.

All openstack-neutron users are advised to upgrade to these updated packages, which correct this issue.