[PKG-Openstack-devel] Bug#770431: CVE-2014-7821: DoS through invalid DNS configuration

Thomas Goirand zigo at debian.org
Fri Nov 21 08:19:25 UTC 2014


Package: neutron
Version: 2014.1.3-5
Severity: important
Tags: security patch

OpenStack Security Advisory: 2014-039
CVE: CVE-2014-7821
Date: November 19, 2014
Title: Neutron DoS through invalid DNS configuration
Reporter: Henry Yamauchi, Charles Neill and Michael Xin (Rackspace)
Products: Neutron
Versions: up to 2014.1.3 and 2014.2

Description:
Henry Yamauchi, Charles Neill and Michael Xin from Rackspace reported
a vulnerability in Neutron. By configuring a maliciously crafted
dns_nameservers, an authenticated user may crash the Neutron service,
resulting in a denial of service attack. All Neutron setups are affected.

Kilo (development branch) fix:
https://review.openstack.org/135616

Juno fix:
https://review.openstack.org/135623

Icehouse fix:
https://review.openstack.org/135624

Notes:
This fix will be included in future 2014.1.4 and 2014.2.1 releases.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7821
https://launchpad.net/bugs/1378450


