Adds OSSA-2019-001 (CVE-2019-9735)

Change-Id: I11ec9820642d1eca14517bd39e01b5e8581cda82
Related-Bug: #1818385
Tristan Cacqueray 1 month ago
parent
commit
a8c4ab769b
1 changed files with 44 additions and 0 deletions
ossa/OSSA-2019-001.yaml

@@ -0,0 +1,44 @@
1
+date: 2019-03-13
2
+
3
+id: OSSA-2019-001
4
+
5
+title: Unsupported dport option prevents applying security groups
6
+
7
+description: >
8
+  Erik Olof Gunnar Andersson with Blizzard Entertainment reported a
9
+  vulnerability in Neutron's iptables firewall module. By setting a
10
+  destination port in a security group rule along with a protocol
11
+  which doesn't support that option (for example, VRRP), an
12
+  authenticated user may block further application of security group
13
+  rules for instances from any project/tenant on the compute hosts
14
+  to which it's applied. Only deployments using the iptables
15
+  security group driver are affected.
16
+
17
+affected-products:
18
+  - product: neutron
19
+    version: '<10.0.8, >=11.0.0 <11.0.7, >=12.0.0 <12.0.6, >=13.0.0 <13.0.3'
20
+
21
+vulnerabilities:
22
+  - cve-id: CVE-2019-9735
23
+
24
+reporters:
25
+  - name: Erik Olof Gunnar Andersson
26
+    affiliation: Blizzard Entertainment
27
+    reported:
28
+      - CVE-2019-9735
29
+
30
+issues:
31
+  links:
32
+    - https://launchpad.net/bugs/1818385
33
+
34
+reviews:
35
+  ocata:
36
+    - https://review.openstack.org/640791
37
+  pike:
38
+    - https://review.openstack.org/640790
39
+  queens:
40
+    - https://review.openstack.org/640702
41
+  rocky:
42
+    - https://review.openstack.org/640685
43
+  stein:
44
+    - https://review.openstack.org/640619
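Review bot: the `version` string under `affected-products` stops at `>=13.0.0 <13.0.3`, while `reviews` lists five branches, including `stein`, so the stein fix has no matching version range. If stein had no release carrying the bug when this was written, the string is fine as it stands, but it would help to confirm that before merging, since readers will use this field to decide whether they need to upgrade. The first range, `<10.0.8`, is also the only one without a lower bound. If that is meant to cover every earlier release, including ones that will not receive a backport, say so in the description or in a notes field so operators on older versions know no fixed release exists for them. The description limits impact to "deployments using the iptables security group driver" but gives no interim mitigation, and a sentence on what operators can do until they upgrade would make the advisory more actionable.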
