Package: neutron Version: 2014.1.3-5 Severity: important Tags: security patch
OpenStack Security Advisory: 2014-039 CVE: CVE-2014-7821 Date: November 19, 2014 Title: Neutron DoS through invalid DNS configuration Reporter: Henry Yamauchi, Charles Neill and Michael Xin (Rackspace) Products: Neutron Versions: up to 2014.1.3 and 2014.2 Description: Henry Yamauchi, Charles Neill and Michael Xin from Rackspace reported a vulnerability in Neutron. By configuring a maliciously crafted dns_nameservers an authenticated user may crash Neutron service resulting in a denial of service attack. All Neutron setups are affected. Kilo (development branch) fix: https://review.openstack.org/135616 Juno fix: https://review.openstack.org/135623 Icehouse fix: https://review.openstack.org/135624 Notes: This fix will be included in future 2014.1.4 and 2014.2.1 releases. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7821 https://launchpad.net/bugs/1378450 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
