[USN-4036-1] OpenStack Neutron vulnerability
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jun 25 13:42:10 UTC 2019
==========================================================================
Ubuntu Security Notice USN-4036-1
June 25, 2019
neutron vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 16.04 LTS
Summary:
A system hardening measure could be bypassed.
Software Description:
- neutron: OpenStack Virtual Network Service
Details:
Erik Olof Gunnar Andersson discovered that OpenStack Neutron incorrectly
handled certain security group rules in the iptables firewall module. An
authenticated attacker could possibly use this issue to block further
application of security group rules for other instances.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
python-neutron 2:13.0.2-0ubuntu3.4
python3-neutron 2:13.0.2-0ubuntu3.4
Ubuntu 16.04 LTS:
python-neutron 2:8.4.0-0ubuntu7.4
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4036-1
CVE-2019-9735
Package Information:
https://launchpad.net/ubuntu/+source/neutron/2:13.0.2-0ubuntu3.4
https://launchpad.net/ubuntu/+source/neutron/2:8.4.0-0ubuntu7.4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20190625/f2638efe/attachment.sig>
More information about the ubuntu-security-announce
mailing list