[Openstack-security] [Bug 1262759] Re: ICMPv6 RAs should only be permitted from known routers
Thierry Carrez
thierry.carrez+lp at gmail.com
Thu Oct 16 08:52:20 UTC 2014
** Changed in: neutron
Milestone: juno-1 => 2014.2
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1262759
Title:
ICMPv6 RAs should only be permitted from known routers
Status in OpenStack Neutron (virtual network service):
Fix Released
Status in OpenStack Security Advisories:
Invalid
Bug description:
ICMPv6 is now allowed in from any host but other hosts can offer bogus
routes.
Change security group/port filtering to respect known routers:
- tenant routers attached to subnets and passing v6
- physical routers on provider networks provided on the network (as some sort of admin configurable list for that network).
(Security issue: One VM sharing a neutron network can divert outgoing
traffic from other VMs.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1262759/+subscriptions
More information about the Openstack-security
mailing list