<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Means no fixes for havana? <br>
    <br>
    Rather boring...<br>
    <br>
    <div class="moz-cite-prefix">On 09/29/2014 05:10 PM, Grant Murphy
      wrote:<br>
    </div>
    <blockquote cite="mid:20140929141056.GB17554@lappy.redhat.com"
      type="cite">
      <pre wrap="">OpenStack Security Advisory: OSSA-2014-031
CVE: CVE-2014-6414
Date: September 29, 2014

Title: Admin-only network attributes may be reset to defaults by non-privileged users
Reporter: Elena Ezhova (Mirantis)
Products: Neutron
Versions: up to 2013.2.4 and 2014.1 versions up to 2014.1.2

Description:
Elena Ezhova from Mirantis reported a vulnerability in Neutron. By updating a network
attribute with a default value a non-privileged user may reset admin-only network
attributes. This may lead to unexpected behavior with security implications for
operators with a custom policy.json, or in some extreme cases network outages
resulting in denial of service. All deployments using neutron networking are
affected by this flaw.

Juno (development branch) fix:
<a class="moz-txt-link-freetext" href="https://review.openstack.org/114531">https://review.openstack.org/114531</a>

Icehouse fix:
<a class="moz-txt-link-freetext" href="https://review.openstack.org/123849">https://review.openstack.org/123849</a>

Notes:
This fix will be included in the Juno release 2014.2.0 and in
future 2014.1.3 release.

References:
<a class="moz-txt-link-freetext" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6414">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6414</a>
<a class="moz-txt-link-freetext" href="https://launchpad.net/bugs/1357379">https://launchpad.net/bugs/1357379</a>

--
Grant Murphy
OpenStack Vulnerability Management Team
</pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
Post to     : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>