MEDIUM

GHSA-wf44-4mgj-rwvx

OpenStack Neutron Improper Input Validation vulnerability

Details

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / neutron

Introduced in: 0 Fixed in: 2014.2.4

Fix pip install --upgrade 'neutron>=2014.2.4'

PyPI / neutron

Introduced in: 2015.1.0 Fixed in: 2015.1.1

Fix pip install --upgrade 'neutron>=2015.1.1'

References

https://nvd.nist.gov/vuln/detail/CVE-2015-3221 [ADVISORY]
https://access.redhat.com/errata/RHSA-2015:1680 [WEB]
https://access.redhat.com/security/cve/CVE-2015-3221 [WEB]
https://bugs.launchpad.net/neutron/+bug/1461054 [WEB]
https://bugzilla.redhat.com/show_bug.cgi?id=1232284 [WEB]
https://git.openstack.org/cgit/openstack/neutron/commit/?id=9ff6138c47c95034ba845e9448ddffd147b51f38 [WEB]
https://opendev.org/openstack/neutron [PACKAGE]
https://web.archive.org/web/20200228084753/http://www.securityfocus.com/bid/75368 [WEB]
http://lists.openstack.org/pipermail/openstack-announce/2015-June/000377.html [WEB]
http://rhn.redhat.com/errata/RHSA-2015-1680.html [WEB]