Bug 1142012 (CVE-2014-6414)
Summary: | CVE-2014-6414 openstack-neutron: Admin-only network attributes may be reset to defaults by non-privileged users | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Murray McAllister <mmcallis> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | abaron, aortega, apevec, apevec, ayoung, carnil, chrisw, dallan, gkotton, gmollett, ihrachys, jlibosva, jrusnack, lhh, lpeer, majopela, markmc, mmcallis, nyechiel, p, rbryant, rk, sclewis, twilson, vdanen, yeylon |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
It was discovered that unprivileged users could in some cases reset admin-only network attributes to their default values. This could lead to unexpected behavior or in some cases result in a denial of service.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2014-11-03 12:17:35 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1142013, 1142014, 1147185, 1147186, 1147187 | ||
Bug Blocks: | 1142015 |
Description
Murray McAllister
2014-09-16 02:41:31 UTC
Created openstack-neutron tracking bugs for this issue: Affects: fedora-20 [bug 1142013] I've already backported the fix to RDO Havana, so there should be no issues with that. So please create trackers. Also, the earlier we handle the issue, the better. (In reply to Ihar Hrachyshka from comment #6) > I've already backported the fix to RDO Havana, so there should be no issues > with that. So please create trackers. Also, the earlier we handle the issue, > the better. Great, thanks Ihar. openstack-neutron-2013.2.4-4.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. IssueDescription: It was discovered that unprivileged users could in some cases reset admin-only network attributes to their default values. This could lead to unexpected behavior or in some cases result in a denial of service. This issue has been addressed in the following products: OpenStack 4 for RHEL 6 Via RHSA-2014:1686 https://rhn.redhat.com/errata/RHSA-2014-1686.html This issue has been addressed in the following products: OpenStack 5 for RHEL 7 Via RHSA-2014:1786 https://rhn.redhat.com/errata/RHSA-2014-1786.html This issue has been addressed in the following products: OpenStack 5 for RHEL 6 Via RHSA-2014:1785 https://rhn.redhat.com/errata/RHSA-2014-1785.html |