Moderate: Red Hat Security Advisory: openstack-neutron security and bug fix update

Updated openstack-neutron packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System...

openstack-neutron: DoS via maliciously crafted dns_nameservers

A denial of service flaw was found in the way neutron handled the 'dnsnameservers' parameter. By providing specially crafted 'dnsnameservers' values, an authenticated user could use this flaw to crash the neutron service...

CVE-2014-3703

OpenStack PackStack 2012.2.1, when the Open vSwitch OVS monolithic plug-in is not used, does not properly set the libvirtvifdriver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access...

Design/Logic Flaw

OpenStack PackStack 2012.2.1, when the Open vSwitch OVS monolithic plug-in is not used, does not properly set the libvirtvifdriver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access...

CVE-2014-3703

OpenStack PackStack 2012.2.1, when the Open vSwitch OVS monolithic plug-in is not used, does not properly set the libvirtvifdriver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access...

CVE-2014-3703

OpenStack PackStack 2012.2.1 vulnerable when the OVS monolithic plug-in is not used; PackStack-generated nova.conf may fail to set libvirt_vif_driver, which can disable the firewall and allow remote access bypass. Red Hat's RHSA-2014:1691 documents this issue and provides the fix in an updated Pa...

OpenStack multiple security vulnerabilities

OpenStack Cinder information leakage, Keystone information leakage, Nova information leakage and restrictions bypass, Neutron restrictions bypass...

[USN-2405-1] OpenStack Cinder vulnerabilities

========================================================================== Ubuntu Security Notice USN-2405-1 November 11, 2014 cinder vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

[USN-2407-1] OpenStack Nova vulnerabilities

========================================================================== Ubuntu Security Notice USN-2407-1 November 11, 2014 nova vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

[USN-2408-1] OpenStack Neutron vulnerability

========================================================================== Ubuntu Security Notice USN-2408-1 November 11, 2014 neutron vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

[USN-2406-1] OpenStack Keystone vulnerability

========================================================================== Ubuntu Security Notice USN-2406-1 November 11, 2014 keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVE-2014-7821

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service crash via a crafted dnsnameservers value in the DNS configuration...

DEBIAN-CVE-2014-7821

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service crash via a crafted dnsnameservers value in the DNS configuration...

CVE-2014-7821

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service crash via a crafted dnsnameservers value in the DNS configuration...

CVE-2014-7821

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service crash via a crafted dnsnameservers value in the DNS configuration...

Design/Logic Flaw

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service crash via a crafted dnsnameservers value in the DNS configuration...

CVE-2014-7821

OpenStack Neutron vulnerable to a denial-of-service via a crafted dns_nameservers value in DNS configuration. Affected products: OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1. Root cause: improper handling of the dns_nameservers parameter leads to crash when an authenticated user...

CVE-2014-7821

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service crash via a crafted dnsnameservers value in the DNS configuration...

CVE-2014-7821

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service crash via a crafted dnsnameservers value in the DNS configuration...

PT-2014-8292 · Openstack · Openstack Neutron

Name of the Vulnerable Software and Affected Versions: OpenStack Neutron versions prior to 2014.1.4 OpenStack Neutron versions 2014.2.x prior to 2014.2.1 Description: The issue allows remote authenticated users to cause a denial of service, resulting in a crash. This can be achieved by providing ...