Bug 1152702 – CVE-2014-3703 Red Hat Openstack 4 Neutron: security groups fail to block traffic properly due to packstack configuration

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1152702 - (CVE-2014-3703) CVE-2014-3703 Red Hat Openstack 4 Neutron: security groups fail to block traffic properly due to packstack configuration

Summary:	CVE-2014-3703 Red Hat Openstack 4 Neutron: security groups fail to block traf...

Status:	CLOSED ERRATA

Aliases:	CVE-2014-3703

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	high Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=important,public=20141022,repo...
Keywords:	Security

Depends On:	1152703
Blocks:	1152704
	Show dependency tree / graph

Reported:	2014-10-14 14:28 EDT by Kurt Seifried
Modified:	2016-04-26 09:35 EDT (History)
CC List:	17 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	It was discovered that the nova.conf configuration generated by PackStack did not correctly set the libvirt_vif_driver configuration option if the Open vSwitch (OVS) monolithic plug-in was not used. This could result in deployments defaulting to having the firewall disabled unless the nova configuration was manually modified after PackStack was started.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2014-10-22 16:08:32 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2014:1691	normal	SHIPPED_LIVE	Important: openstack-packstack security, bug fix, and enhancement update	2014-10-22 17:16:02 EDT

Groups: None (edit)

Description Kurt Seifried 2014-10-14 14:28:59 EDT

It was discovered that the nova.conf configuration generated by packstack did not correctly set the libvirt_vif_driver correctly if the OVS monolithic plugin was not used. This could result in deployments defaulting to having the firewall disabled unless the nova configuration was manually modified after packstack was run.

Acknowledgements:

This issue was discovered by Yair Fried of Red Hat.

Comment 2 Martin Prpič 2014-10-21 04:35:33 EDT

IssueDescription:

It was discovered that the nova.conf configuration generated by PackStack did not correctly set the libvirt_vif_driver configuration option if the Open vSwitch (OVS) monolithic plug-in was not used. This could result in deployments defaulting to having the firewall disabled unless the nova configuration was manually modified after PackStack was started.

Comment 3 errata-xmlrpc 2014-10-22 13:17:42 EDT

This issue has been addressed in the following products:

  OpenStack 4 for RHEL 6

Via RHSA-2014:1691 https://rhn.redhat.com/errata/RHSA-2014-1691.html

Note You need to log in before you can comment on or make changes to this bug.