(RHSA-2014:1942) Moderate: openstack-neutron security and bug fix update

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven
system that provisions networking services to virtual machines. Its main
function is to manage connectivity to and from virtual machines. As of Red
Hat Enterprise Linux OpenStack Platform 4.0, ‘neutron’ replaces ‘quantum’
as the core component of OpenStack Networking.

A denial of service flaw was found in the way neutron handled the
‘dns_nameservers’ parameter. By providing specially crafted
‘dns_nameservers’ values, an authenticated user could use this flaw to
crash the neutron service. (CVE-2014-7821)

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Henry Yamauchi, Charles Neill, and Michael Xin
(Rackspace) as the original reporters.

This update also fixes the following bugs:

• Prior to this update, the network name and UUID were not sent to N1KV
  during the subnet creation process. Consequently, N1KV was unable to
  properly associate the network and subnet in its local configuration.
  This update addresses this issue by sending the required network name and
  UUID during subnet creation, with the result that they are now properly
  associated on the N1KV. (BZ#1118508)

• Previously, a rollback did not result in all entries being cleared from
  the N1KV-specific database tables, resulting in the presence of stale
  entries. This update addresses the issue by performing a proper cleanup of
  all N1KV tables. Consequently, stale entries are no longer left in the N1KV
  tables. (BZ#1124991)

• Previously, the N1KV OpenStack Networking (neutron) plug-in did not sent
  the subtype for overlay networks during the network segment pool creation
  process. This update addresses this issue by sending the required details
  during the creation process. (BZ#1130336)

All openstack-neutron users are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.