(RHSA-2018:2715) Moderate: openstack-neutron security and bug fix update

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

Security Fix(es):

• openstack-neutron: A router interface out of subnet IP range results in a denial of service (CVE-2018-14635)

For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section.

Bug Fix(es):

• A new configuration option bridge_mac_table_size has been added for the neutron OVS agent. This value is set on every Open vSwitch bridge managed by the openvswitch-neutron-agent. The value controls the maximum number of MAC addresses that can be learned on a bridge. The default value for this new option is 50,000, which should be enough for most systems. Values outside a reasonable range (10 to 1,000,000) might be overridden by Open vSwitch. (BZ#1589031)

• Previously, when a VM was destroyed, the IPv6 lease was not removed from dnsmasq lease files due to a missing dhcp_release6 binary.

With this update, the dhcp_release6 binary is now provided in an updated dnsmasq-utils package version. (BZ#1545006)