Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <51799c78175246f8a0fa7a2cf4a579cb@imshyb02.MITRE.ORG>
Date: Wed, 8 Feb 2017 23:57:18 -0500
From: <cve-assign@...re.org>
To: <tyhicks@...onical.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<james.page@...ntu.com>, <security@...ntu.com>
Subject: Re: CVE Request: Nova-LXD incorrectly applied Neutron security group rules

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Neutron security group rules were not being applied to Nova-LXD
> instances due to improperly named veth pairs. This resulted in network
> traffic to/from external hosts being incorrectly allowed.
> 
> https://launchpad.net/bugs/1656847
> https://github.com/openstack/nova-lxd/commit/1b76cefb92081efa1e88cd8f330253f857028bd2

>> neutron security group rules not applied to nova-lxd containers

>> Ensure LXD veth host device is named correctly 

Use CVE-2017-5936.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYm/MjAAoJEHb/MwWLVhi2GfsP/11sv6xSUUNviPsH3inKCd0L
yb75QNWPa0PykxWpK5qz66Zp5Am9m334X80aXVl8coClws8NsTaTUg69i3XlmqVn
7wkq5l1osxF0cL1q9WVdjsCeMrhtej8Eu3OOyjCIcdcXRlEXYamNsNCumcl9t4ag
fUf5Zg0vDJGUG+JBAjjJV7RVYzOPV0R+U3kjVec/tm1XwHrpCnPQuA0YM3Nsb8f4
VnGaqjjQ+3Q5IGv913iWYFSSsYFNaSHonKhZsHyzSBq/J2w6Emc6IlKpckpld5on
p/ti9N9DaDMaA6FbAjB8iE1G1z7d78NtVYu38ldWN96VEme+QP0/GA2PgUbMtDo1
b6GT/hOkwYhoajRBUmhKZJy/JSGBIZzOB6WnZ7HRch73XZZzRIgoQIwqubWrZOoO
z3Y/68B1nyRdlUFx2dVg2F20WwVPFDfSsbddiEtPAKtjiEdPnqfp4hyFvtcFgZSJ
p1Vy0UbgPPYDOfnk4Jsqg9gUP2NKw4Hu/XuNVQmpKGz6pTMRuNIi5UPgEpwACMjI
3xvNZuzjVIpprJIv4khDTBYWTCNu6M0Jy9uK1xy4jhuu/Uni3cNCl8hUg644ijkE
S1m7Dsr5JwxAjgdhZYImJ1cV9eMJVC5NAJY3R/aDbQy5Orj6roVXQCwPgh9RKONC
wdqgZRIgubzEuTWAlACz
=jFpH
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.