Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <51799c78175246f8a0fa7a2cf4a579cb@imshyb02.MITRE.ORG>
Date: Wed, 8 Feb 2017 23:57:18 -0500
From: <cve-assign@...re.org>
To: <tyhicks@...onical.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<james.page@...ntu.com>, <security@...ntu.com>
Subject: Re: CVE Request: Nova-LXD incorrectly applied Neutron security group rules

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Neutron security group rules were not being applied to Nova-LXD
> instances due to improperly named veth pairs. This resulted in network
> traffic to/from external hosts being incorrectly allowed.
> 
> https://launchpad.net/bugs/1656847
> https://github.com/openstack/nova-lxd/commit/1b76cefb92081efa1e88cd8f330253f857028bd2

>> neutron security group rules not applied to nova-lxd containers

>> Ensure LXD veth host device is named correctly 

Use CVE-2017-5936.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYm/MjAAoJEHb/MwWLVhi2GfsP/11sv6xSUUNviPsH3inKCd0L
yb75QNWPa0PykxWpK5qz66Zp5Am9m334X80aXVl8coClws8NsTaTUg69i3XlmqVn
7wkq5l1osxF0cL1q9WVdjsCeMrhtej8Eu3OOyjCIcdcXRlEXYamNsNCumcl9t4ag
fUf5Zg0vDJGUG+JBAjjJV7RVYzOPV0R+U3kjVec/tm1XwHrpCnPQuA0YM3Nsb8f4
VnGaqjjQ+3Q5IGv913iWYFSSsYFNaSHonKhZsHyzSBq/J2w6Emc6IlKpckpld5on
p/ti9N9DaDMaA6FbAjB8iE1G1z7d78NtVYu38ldWN96VEme+QP0/GA2PgUbMtDo1
b6GT/hOkwYhoajRBUmhKZJy/JSGBIZzOB6WnZ7HRch73XZZzRIgoQIwqubWrZOoO
z3Y/68B1nyRdlUFx2dVg2F20WwVPFDfSsbddiEtPAKtjiEdPnqfp4hyFvtcFgZSJ
p1Vy0UbgPPYDOfnk4Jsqg9gUP2NKw4Hu/XuNVQmpKGz6pTMRuNIi5UPgEpwACMjI
3xvNZuzjVIpprJIv4khDTBYWTCNu6M0Jy9uK1xy4jhuu/Uni3cNCl8hUg644ijkE
S1m7Dsr5JwxAjgdhZYImJ1cV9eMJVC5NAJY3R/aDbQy5Orj6roVXQCwPgh9RKONC
wdqgZRIgubzEuTWAlACz
=jFpH
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.