[neutron][security-sig] Please revisit your open vulnerability reports

Jeremy Stanley fungi at yuggoth.org
Mon May 10 16:04:25 UTC 2021


Please help the OpenStack Vulnerability Management Team by taking a
look at the following reports:

    Anti-spoofing bypass using Open vSwitch (CVE-2021-20267)
    https://launchpad.net/bugs/1902917

    Neutron RBAC not working for multiple extensions
    https://launchpad.net/bugs/1784259

    tenant isolation is bypassed if port admin-state-up=false
    https://launchpad.net/bugs/1798904

    non-IP ethertypes are permitted with iptables_hybrid firewall
        driver
    https://launchpad.net/bugs/1838473

    RA Leak on tenant network
    https://launchpad.net/bugs/1844712

    Anti-spoofing bypass
    https://launchpad.net/bugs/1884341

Can these be exploited by a nefarious actor, and if so, how? Are
they likely to be fixable in all our supported stable branches,
respecting stable backport policy? What deployment configurations
and options might determine whether a particular installation is
susceptible? This is the sort of feedback we depend on to make
determinations regarding whether and how to keep the public
notified, so they can make informed decisions.

Thanks for doing your part to keep our users safe!
-- 
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210510/fa5979d3/attachment.sig>


More information about the openstack-discuss mailing list