CVE-2014-0187
Published: 28 April 2014
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.
Priority
Status
Package | Release | Status |
---|---|---|
neutron Launchpad, Ubuntu, Debian |
upstream |
Released
(2014.2.b1)
|
lucid |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
saucy |
Released
(1:2013.2.3-0ubuntu1.5)
|
|
trusty |
Does not exist
(trusty was released [1:2014.1-0ubuntu1.3])
|
|
Patches: upstream: https://review.openstack.org/88057 (havana, pt1) upstream: https://review.openstack.org/88058 (havana, pt2) upstream: https://review.openstack.org/88674 (icehouse, pt1) upstream: https://review.openstack.org/88675 (icehouse, pt2) upstream: https://review.openstack.org/59212 (juno) |