>> bugs reported upstream as potential security issues <<
An upstream developer responded to the bugs reported - the code
identified relates to the amphora agent which is internal to octavia,
and requires communication from the main octavia control process to the
HTTP server in the amphora agent to be TLS encrypted with mutual
authentication of client certificates.
Upstream acknowledged the potential bug but described the risk of
exploit as low due to this mitigating control.
The OpenStack Charms for Octavia setup the TLS encryption and
authentication as described.
** Changed in: octavia (Ubuntu)
Status: Incomplete => New
** Changed in: octavia (Ubuntu)
Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1888309
Title:
[MIR] octavia
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/octavia/+bug/1888309/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
