<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Means no fixes for Havana? <br>
<br>
Rather boring...<br>
<br>
<div class="moz-cite-prefix">On 09/29/2014 05:10 PM, Grant Murphy
wrote:<br>
</div>
<blockquote cite="mid:20140929141056.GB17554@lappy.redhat.com"
type="cite">
<pre wrap="">OpenStack Security Advisory: OSSA-2014-031
CVE: CVE-2014-6414
Date: September 29, 2014
Title: Admin-only network attributes may be reset to defaults by non-privileged users
Reporter: Elena Ezhova (Mirantis)
Products: Neutron
Versions: up to 2013.2.4 and 2014.1 versions up to 2014.1.2
Description:
Elena Ezhova from Mirantis reported a vulnerability in Neutron. By updating a network
attribute with a default value a non-privileged user may reset admin-only network
attributes. This may lead to unexpected behavior with security implications for
operators with a custom policy.json, or in some extreme cases network outages
resulting in denial of service. All deployments using neutron networking are
affected by this flaw.
Juno (development branch) fix:
<a class="moz-txt-link-freetext" href="https://review.openstack.org/114531">https://review.openstack.org/114531</a>
Icehouse fix:
<a class="moz-txt-link-freetext" href="https://review.openstack.org/123849">https://review.openstack.org/123849</a>
Notes:
This fix will be included in the Juno release 2014.2.0 and in
the future 2014.1.3 release.
References:
<a class="moz-txt-link-freetext" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6414">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6414</a>
<a class="moz-txt-link-freetext" href="https://launchpad.net/bugs/1357379">https://launchpad.net/bugs/1357379</a>
--
Grant Murphy
OpenStack Vulnerability Management Team
</pre>
</blockquote>
<br>
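A simplified model of the flaw class the advisory above describes, added here as an example; it is not Neutron code and does not come from the advisory or its author. The attribute table, the function names and the premise that the policy layer skips attributes whose submitted value equals their default are assumptions made for illustration.<br>
<br>
<pre wrap="">
```python
# Simplified model of per-attribute policy enforcement on an update request.
# Not Neutron code: ATTRS, its keys and all function names are hypothetical.

ATTRS = {
    "name":   {"default": "",    "admin_only": False},
    "shared": {"default": False, "admin_only": True},
}


class PolicyNotAuthorized(Exception):
    """Raised when a non-admin touches an admin-only attribute."""


def attrs_checked_vulnerable(body):
    # Flawed selection (assumed mechanism): an attribute counts as
    # "explicitly set" only when the submitted value differs from its
    # default, so a default-valued write never reaches the admin-only rule.
    return [k for k, v in body.items() if v != ATTRS[k]["default"]]


def attrs_checked_fixed(body):
    # Hardened selection: every attribute present in the request body is
    # subject to its rule, whatever value it carries.
    return list(body)


def update_network(network, body, is_admin, select):
    # Enforce the admin-only rule on the attributes chosen by `select`,
    # then apply the whole request body to a copy of the stored network.
    for attr in select(body):
        if ATTRS[attr]["admin_only"] and not is_admin:
            raise PolicyNotAuthorized(attr)
    updated = dict(network)
    updated.update(body)
    return updated


def tenant_can_reset(select):
    # Constructed sample: an admin has set shared=True on the network and
    # a non-privileged user submits the default value for that attribute.
    network = {"name": "net1", "shared": True}
    try:
        result = update_network(network, {"shared": False}, False, select)
    except PolicyNotAuthorized:
        return False
    return result["shared"] is False
```
</pre>
Running the same default-valued request through both selectors shows which one lets the non-privileged write through, which makes it usable as a regression check for custom policy code.<br>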
</body>
</html>