1152702 – (CVE-2014-3703) CVE-2014-3703 Red Hat Openstack 4 Neutron: security groups fail to block traffic properly due to packstack configuration

Bug 1152702 (CVE-2014-3703) - CVE-2014-3703 Red Hat Openstack 4 Neutron: security groups fail to block traffic properly due to packstack configuration

Summary: CVE-2014-3703 Red Hat Openstack 4 Neutron: security groups fail to block traf...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2014-3703
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1152703
Blocks:	1152704
TreeView+	depends on / blocked

Reported:	2014-10-14 18:28 UTC by Kurt Seifried
Modified:	2023-05-12 05:23 UTC (History)
CC List:	17 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2014-10-22 20:08:32 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2014:1691	0	normal	SHIPPED_LIVE	Important: openstack-packstack security, bug fix, and enhancement update	2014-10-22 21:16:02 UTC

Description Kurt Seifried 2014-10-14 18:28:59 UTC

It was discovered that the nova.conf configuration generated by packstack did not correctly set the libvirt_vif_driver correctly if the OVS monolithic plugin was not used. This could result in deployments defaulting to having the firewall disabled unless the nova configuration was manually modified after packstack was run.

Acknowledgements:

This issue was discovered by Yair Fried of Red Hat.

Comment 2 Martin Prpič 2014-10-21 08:35:33 UTC

IssueDescription:

It was discovered that the nova.conf configuration generated by PackStack did not correctly set the libvirt_vif_driver configuration option if the Open vSwitch (OVS) monolithic plug-in was not used. This could result in deployments defaulting to having the firewall disabled unless the nova configuration was manually modified after PackStack was started.

Comment 3 errata-xmlrpc 2014-10-22 17:17:42 UTC

This issue has been addressed in the following products:

  OpenStack 4 for RHEL 6

Via RHSA-2014:1691 https://rhn.redhat.com/errata/RHSA-2014-1691.html

Note You need to log in before you can comment on or make changes to this bug.