Add OSSA-2019-002 (CVE-2019-10876)

Depends-On: https://review.openstack.org/#/c/650930/ Change-Id: I17b766efdbd63cfc6cdfc03a94f60911dd7acc9d
2019-04-08 09:58:35 -05:00 · 2019-04-08 09:58:35 -05:00 · 64232d9f1a
parent 625eac77ff
commit 64232d9f1a
1 changed files with 44 additions and 0 deletions
--- a/ossa/OSSA-2019-002.yaml
+++ b/ossa/OSSA-2019-002.yaml
@ -0,0 +1,44 @@
+date: 2019-04-08
+
+id: OSSA-2019-002
+
+title: Overlapping security group rules prevents compute node network configuration
+
+description: >
+  Diko Parvanov (Canonical) reported a vulnerability in
+  neutron-openvswitch-agent security group rules. By creating
+  two security groups with separate/overlapping port ranges, an
+  authenticated user may prevent neutron from being able to configure
+  networks on any compute nodes where those security groups are
+  present. All neutron deployments utilizing
+  neutron-openvswitch-agent are affected.
+
+
+affected-products:
+  - product: neutron
+    version: '>=11.0.0 <11.0.7, >=12.0.0 <12.0.6, >=13.0.0 <13.0.3'
+
+vulnerabilities:
+  - cve-id: CVE-2019-10876
+
+reporters:
+  - name: Diko Parvanov
+    affiliation: Canonical
+    reported:
+      - CVE-2019-10876
+
+issues:
+  links:
+    - https://launchpad.net/bugs/1813007
+
+reviews:
+  pike:
+    - https://review.openstack.org/648102
+  queens:
+    - https://review.openstack.org/648004
+  rocky:
+    - https://review.openstack.org/648003
+  stein:
+    - https://review.openstack.org/648002
+  train:
+    - https://review.openstack.org/640252