UbuntuUpdates.org

Package "neutron-linuxbridge-agent"

Name: neutron-linuxbridge-agent

Description:

Neutron is a virtual network service for Openstack - linuxbridge agent
Latest version: 2:12.1.1-0ubuntu8.1
Release: bionic (18.04)
Level: security
Repository: main
Head package: neutron

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "neutron-linuxbridge-agent"

All arch deb package
APT INSTALL

Other versions of "neutron-linuxbridge-agent" in Bionic

Repository Area Version
base main 2:12.0.1-0ubuntu1
updates main 2:12.1.1-0ubuntu8.1

Changelog

Version: 2:12.1.1-0ubuntu8.1 2023-05-10 13:07:10 UTC

  neutron (2:12.1.1-0ubuntu8.1) bionic-security; urgency=medium

  * SECURITY UPDATE: IPv6 impersonation in Open vSwitch firewall rules
    - debian/patches/CVE-2021-20267-1.patch: allow egress ICMPv6 only for
      known addresses in
      doc/source/contributor/internals/openvswitch_firewall.rst,
      neutron/agent/linux/openvswitch_firewall/firewall.py,
      neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py.
    - debian/patches/CVE-2021-20267-2.patch: restrict IPv6 NA and DHCP(v6)
      IP and MAC source addresses in neutron/agent/firewall.py,
      neutron/agent/linux/openvswitch_firewall/firewall.py,
      neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py.
    - CVE-2021-20267
  * SECURITY UPDATE: hardware address impersonation with ebtables-nft
    - debian/patches/CVE-2021-38598.patch: make ARP protection commands
      compatible with "ebtables-nft" in
      neutron/plugins/ml2/drivers/linuxbridge/agent/arp_protect.py,
      neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_arp_protect.py.
    - CVE-2021-38598
  * SECURITY UPDATE: dnsmasq reconfiguration issue
    - debian/patches/CVE-2021-40085.patch: remove dhcp_extra_opt value
      after first newline character in neutron/agent/linux/dhcp.py,
      neutron/tests/unit/agent/linux/test_dhcp.py.
    - CVE-2021-40085
  * SECURITY UPDATE: memory consumption via API requests
    - debian/patches/CVE-2021-40797.patch: don't use singleton in
      routes.middleware.RoutesMiddleware in neutron/api/extensions.py.
    - CVE-2021-40797
  * SECURITY UPDATE: uncontrolled resource consumption flaw
    - debian/patches/CVE-2022-3277.patch: do not allow a tenant to create a
      default SG for another one in neutron/db/securitygroups_db.py,
      neutron/tests/unit/db/test_securitygroups_db.py.
    - CVE-2022-3277

 -- Marc Deslauriers <email address hidden> Tue, 18 Apr 2023 11:23:51 -0400
CVE-2021-20267 A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server inst
CVE-2021-38598 OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft i
CVE-2021-40085 An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsma
CVE-2021-40797 An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API reques
CVE-2022-3277 An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security gr


About   -   Send Feedback to @ubuntu_updates