[ubuntu/bionic-updates] neutron 2:12.1.1-0ubuntu8.1 (Accepted)

Wed May 10 12:28:40 UTC 2023

neutron (2:12.1.1-0ubuntu8.1) bionic-security; urgency=medium

  * SECURITY UPDATE: IPv6 impersonation in Open vSwitch firewall rules
    - debian/patches/CVE-2021-20267-1.patch: allow egress ICMPv6 only for
      known addresses in
      doc/source/contributor/internals/openvswitch_firewall.rst,
      neutron/agent/linux/openvswitch_firewall/firewall.py,
      neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py.
    - debian/patches/CVE-2021-20267-2.patch: restrict IPv6 NA and DHCP(v6)
      IP and MAC source addresses in neutron/agent/firewall.py,
      neutron/agent/linux/openvswitch_firewall/firewall.py,
      neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py.
    - CVE-2021-20267
  * SECURITY UPDATE: hardware address impersonation with ebtables-nft
    - debian/patches/CVE-2021-38598.patch: make ARP protection commands
      compatible with "ebtables-nft" in
      neutron/plugins/ml2/drivers/linuxbridge/agent/arp_protect.py,
      neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_arp_protect.py.
    - CVE-2021-38598
  * SECURITY UPDATE: dnsmasq reconfiguration issue
    - debian/patches/CVE-2021-40085.patch: remove dhcp_extra_opt value
      after first newline character in neutron/agent/linux/dhcp.py,
      neutron/tests/unit/agent/linux/test_dhcp.py.
    - CVE-2021-40085
  * SECURITY UPDATE: memory consumption via API requests
    - debian/patches/CVE-2021-40797.patch: don't use singleton in
      routes.middleware.RoutesMiddleware in neutron/api/extensions.py.
    - CVE-2021-40797
  * SECURITY UPDATE: uncontrolled resource consumption flaw
    - debian/patches/CVE-2022-3277.patch: do not allow a tenant to create a
      default SG for another one in neutron/db/securitygroups_db.py,
      neutron/tests/unit/db/test_securitygroups_db.py.
    - CVE-2022-3277

Date: 2023-04-19 15:12:09.897504+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/neutron/2:12.1.1-0ubuntu8.1
-------------- next part --------------
Sorry, changesfile not available.