From gagehugo at gmail.com Tue Apr 9 15:50:05 2019 From: gagehugo at gmail.com (Gage Hugo) Date: Tue, 9 Apr 2019 10:50:05 -0500 Subject: [openstack-announce] [OSSA-2019-002] Unable to install new flows on compute nodes when having broken security group rules (CVE-2019-10876) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 =========================================================================================== OSSA-2019-002: Overlapping security group rules prevents compute node network configuration =========================================================================================== :Date: April 08, 2019 :CVE: CVE-2019-10876 Affects ~~~~~~~ - - Neutron: >=11.0.0 <11.0.7, >=12.0.0 <12.0.6, >=13.0.0 <13.0.3 Description ~~~~~~~~~~~ Diko Parvanov (Canonical) reported a vulnerability in neutron- openvswitch-agent security group rules. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent neutron from being able to configure networks on any compute nodes where those security groups are present. All neutron deployments utilizing neutron-openvswitch-agent are affected. Patches ~~~~~~~ - - https://review.openstack.org/648102 (Pike) - - https://review.openstack.org/648004 (Queens) - - https://review.openstack.org/648003 (Rocky) - - https://review.openstack.org/648002 (Stein) - - https://review.openstack.org/640252 (Train) Credits ~~~~~~~ - - Diko Parvanov from Canonical (CVE-2019-10876) References ~~~~~~~~~~ - - https://launchpad.net/bugs/1813007 - - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10876 -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEWa125cLHIuv6ekof56j9K3b+vREFAlysvccACgkQ56j9K3b+ vREj3BAAvVBLfJT/cOyk2VjXjvlNKBWs1uokNE5PwzT0M2kvEW42zG78JpJj9EyJ ONQMCiuclWJ6XcBLBhDG2MHzl31Rqnfhi1UxQoUPwZYtgTcokLa4NaGCQUMrRwpq vigC8zWA9SiIQBHp4b/HE1ZA0GCKgK5CS2OuqmQH25/AzIDqwZZ7ljstRMh28VDd PnorJwifeKq1uUL1AGRWmDUvfYaqzTbMxNlUcrXt2Iy50VLxdokmD+PtZMLvb7lq UcpJ7R/er6HipNDE42hNzQAgEoPBNJ3hwEiLU64ZPCxSCMeKos5d2yAPNwLUYwdm lVYJQtW1GkNDLvY37pHOFzFCK2XhjKQB29iZjz5ipC9EKs1HLnxCfJfvIS+bK3Bt c3R0frUOOiDPeP+so1edl1f0eZJlhzV3SlFsLfLfFa1BYTxj6uuQdSaPaOTCGaLN 4TLAtysGl+USvXirOH+F/vuz9P0LOlL4f86/gwNY9Asb27MmKZFtUhQLux/k34Xg gwSFtWTKqLJWrZjlGL/9irh6PiS6myrPCxsYh8XXOpVHSw5D353NrZ3hapvUthA6 BoArm9XxRlwzgu8JwXpEAc9FXRg3jUcwMrSYc5yZF4mw95+sfdHKVhoI6LuxBkYd dA0aqbB/QkuFSanDZ+Z634LCkfbk/2Eo3HgjsrPUdvg2z2zLwfk= =53iD -----END PGP SIGNATURE----- -------------- next part -------------- An HTML attachment was scrubbed... URL: From sean.mcginnis at gmx.com Wed Apr 10 14:44:56 2019 From: sean.mcginnis at gmx.com (Sean McGinnis) Date: Wed, 10 Apr 2019 09:44:56 -0500 Subject: [openstack-announce] OpenStack Stein is officially released! Message-ID: <20190410144456.GB20373@sm-workstation> Hello OpenStack community, I'm excited to announce the final releases for the components of OpenStack Stein, which conclude the Stein development cycle. You will find a complete list of all components, their latest versions, and links to individual project release notes documents listed on the release site. https://releases.openstack.org/stein/ Congratulations to all of the teams who have contributed to this release! Our next production cycle, Train, has already started. We will meet in Denver, CO May 2-4 at the Project Team Gathering to plan the work for the upcoming cycle. I hope to see you there! Thanks, Sean McGinnis and the whole Release Management team