Bug 1064163 (CVE-2014-0071)

Summary: CVE-2014-0071 OpenStack PackStack: Neutron Security Groups fail to block network traffic
Product: [Other] Security Response Reporter: Kurt Seifried <kseifried>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: abaron, aortega, apevec, ayoung, chrisw, dallan, gkotton, gmollett, lhh, markmc, rbryant, rhos-maint, sclewis, yeylon
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-03-07 06:04:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1052124, 1064179    
Bug Blocks: 1064174    

Description Kurt Seifried 2014-02-12 07:34:13 UTC
Yair Fried of Red Hat reports:

A regression from Grizzly and Havana exists in the PackStack rules deployed to Neutron. Specifically when default security groups are enabled they are not 
enforced, allowing connectivity to systems that should be blocked by the security 
groups.

External references:
https://review.openstack.org/#/c/62702/

Comment 4 errata-xmlrpc 2014-03-04 19:15:09 UTC
This issue has been addressed in following products:

  OpenStack 4 for RHEL 6

Via RHSA-2014:0233 https://rhn.redhat.com/errata/RHSA-2014-0233.html

Comment 5 Vincent Danen 2014-03-04 21:01:41 UTC
Statement:

(none)