Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2019:0935
HistoryApr 30, 2019 - 4:40 p.m.

(RHSA-2019:0935) Important: openstack-neutron security and bug fix update

2019-04-3016:40:52
access.redhat.com
17

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

74.1%

JSON

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

Security Fix(es):

  • openstack-neutron: incorrect validation of port settings in iptables security group driver (CVE-2019-9735)

  • openstack-neutron: DOS via broken port range merging in security group (CVE-2019-10876)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7noarchopenstack-neutron< 12.0.5-11.el7ostopenstack-neutron-12.0.5-11.el7ost.noarch.rpm
RedHat7noarchpython-neutron< 12.0.5-11.el7ostpython-neutron-12.0.5-11.el7ost.noarch.rpm
RedHat7noarchopenstack-neutron-rpc-server< 12.0.5-11.el7ostopenstack-neutron-rpc-server-12.0.5-11.el7ost.noarch.rpm
RedHat7noarchopenstack-neutron-metering-agent< 12.0.5-11.el7ostopenstack-neutron-metering-agent-12.0.5-11.el7ost.noarch.rpm
RedHat7noarchopenstack-neutron-openvswitch< 12.0.5-11.el7ostopenstack-neutron-openvswitch-12.0.5-11.el7ost.noarch.rpm
RedHat7noarchopenstack-neutron-common< 12.0.5-11.el7ostopenstack-neutron-common-12.0.5-11.el7ost.noarch.rpm
RedHat7noarchopenstack-neutron-macvtap-agent< 12.0.5-11.el7ostopenstack-neutron-macvtap-agent-12.0.5-11.el7ost.noarch.rpm
RedHat7noarchopenstack-neutron-linuxbridge< 12.0.5-11.el7ostopenstack-neutron-linuxbridge-12.0.5-11.el7ost.noarch.rpm
RedHat7noarchopenstack-neutron-ml2< 12.0.5-11.el7ostopenstack-neutron-ml2-12.0.5-11.el7ost.noarch.rpm
RedHat7noarchopenstack-neutron-sriov-nic-agent< 12.0.5-11.el7ostopenstack-neutron-sriov-nic-agent-12.0.5-11.el7ost.noarch.rpm

Related

redhat 2
nessus 5
prion 2
osv 7
veracode 2
ubuntucve 2
cvelist 2
ubuntu 1
github 2
ibm 1
redhatcve 2
debiancve 2
nvd 2
debian 1
openvas 2
cve 2
redhat
redhat
(RHSA-2019:0879) Important: openstack-neutron security update
2019-04-30 17:01:47
(RHSA-2019:0916) Important: Red Hat Enterprise Linux OpenStack Platform security update
2019-04-30 16:30:39
nessus
nessus
RHEL 7 : openstack-neutron (RHSA-2019:0879)
2024-04-28 00:00:00
RHEL 7 : openstack-neutron (RHSA-2019:0935)
2024-04-27 00:00:00
Debian DSA-4409-1 : neutron - security update
2019-03-20 00:00:00
prion
prion
Design/Logic Flaw
2019-04-05 05:29:00
Security feature bypass
2019-03-13 02:29:00
osv
osv
OpenStack Neutron overlapping security group rules prevents compute node network configuration
2022-05-13 01:07:34
OpenStack Neutron's unsupported dport option prevents applying security groups
2022-05-13 01:07:34
CVE-2019-9735
2019-03-13 02:29:00
veracode
veracode
Denial Of Service (DoS)
2019-04-10 03:01:02
Security Rules Bypass
2019-03-14 10:06:44
ubuntucve
ubuntucve
CVE-2019-10876
2019-04-05 00:00:00
CVE-2019-9735
2019-03-12 00:00:00
cvelist
cvelist
CVE-2019-10876
2019-04-05 04:01:40
CVE-2019-9735
2019-03-13 02:00:00
ubuntu
ubuntu
OpenStack Neutron vulnerability
2019-06-25 00:00:00
github
github
OpenStack Neutron's unsupported dport option prevents applying security groups
2022-05-13 01:07:34
OpenStack Neutron overlapping security group rules prevents compute node network configuration
2022-05-13 01:07:34
ibm
ibm
Security Bulletin: PowerVC is impacted by an OpenStack Neutron vulnerability related to security group rules (CVE-2019-10876)
2019-12-09 23:31:57
redhatcve
redhatcve
CVE-2019-10876
2019-04-05 13:19:49
CVE-2019-9735
2019-03-20 07:49:50
debiancve
debiancve
CVE-2019-10876
2019-04-05 05:29:03
CVE-2019-9735
2019-03-13 02:29:00
nvd
nvd
CVE-2019-10876
2019-04-05 05:29:03
CVE-2019-9735
2019-03-13 02:29:00
debian
debian
[SECURITY] [DSA 4409-1] neutron security update
2019-03-18 22:15:44
openvas
openvas
Ubuntu: Security Advisory (USN-4036-1)
2019-06-26 00:00:00
Debian: Security Advisory (DSA-4409-1)
2019-03-17 00:00:00
cve
cve
CVE-2019-9735
2019-03-13 02:29:00
CVE-2019-10876
2019-04-05 05:29:03

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

74.1%

JSON
Related for RHSA-2019:0935
redhat2nessus5prion2osv7veracode2ubuntucve2cvelist2ubuntu1github2ibm1redhatcve2debiancve2nvd2debian1openvas2cve2