[USN-4036-1] OpenStack Neutron vulnerability

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jun 25 13:42:10 UTC 2019

Ubuntu Security Notice USN-4036-1
June 25, 2019

neutron vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 16.04 LTS


A system hardening measure could be bypassed.

Software Description:
- neutron: OpenStack Virtual Network Service


Erik Olof Gunnar Andersson discovered that OpenStack Neutron incorrectly
handled certain security group rules in the iptables firewall module. An
authenticated attacker could possibly use this issue to block further
application of security group rules for other instances.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  python-neutron                  2:13.0.2-0ubuntu3.4
  python3-neutron                 2:13.0.2-0ubuntu3.4

Ubuntu 16.04 LTS:
  python-neutron                  2:8.4.0-0ubuntu7.4

In general, a standard system update will make all the necessary changes.


Package Information:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20190625/f2638efe/attachment.sig>

More information about the ubuntu-security-announce mailing list