Bug 1949188 (CVE-2021-3499)
| Summary: | CVE-2021-3499 openshift/ovn-kubernetes: Egress Firewall does not reliably apply firewall rules | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Przemyslaw Roguski <proguski> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | aos-bugs, bbennett, bmontgom, eparis, jburrell, jokerman, nstielau, security-response-team, sponnaga |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | A vulnerability was found in OVN Kubernetes where the Egress Firewall does not reliably apply firewall rules when there are multiple DNS rules. It could potentially lead to a loss of confidentiality, integrity or availability of a service. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2021-10-28 08:52:21 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1947917, 1949529, 1949530, 1987187 | | |
| Bug Blocks: | 1948664, 1949494 | | |

Description
Przemyslaw Roguski
2021-04-13 16:59:08 UTC
Acknowledgments:

Name: Michael Swenson (Red Hat)

Statement:

In OpenShift Container Platform 4 the default Container Network Interface (CNI) network provider plug-in is OpenShift SDN, and it's not affected by this flaw. Only the OVN-Kubernetes CNI network provider is affected.

upstream PR: https://github.com/ovn-org/ovn-kubernetes/pull/2169

Used fixcvename on RHBA-2021:1550

This was fixed in 4.7.10 but only shipped in 4.7.11 with container ose-ovn-kubernetes-container-v4.7.0-202105071917.p0