A vulnerability in Neutron anti-spoof protection. By forging DHCP discovery messages or non-IP traffic, such as ARP or ICMPv6, an instance may spoof IP or MAC source addresses on attached networks, resulting in denial of service and/or traffic interception. Moreover, when L2population isn't used, other tenants attached to a shared network are also vulnerable. Neutron setups using the IPTables firewall driver are affected.

Upstream bug: https://bugs.launchpad.net/bugs/1558658

References: http://seclists.org/oss-sec/2016/q2/519
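Added illustration, not part of this bug report or of Neutron's code: a Python check showing what anti-spoof validation means for ARP on one port, comparing the Ethernet source and the ARP sender fields of a frame against the MAC/IP pairs the port is allowed to use. The function names, the port binding and the sample frames are constructed for the example; it covers only IPv4 ARP on untagged Ethernet frames, not the DHCP or ICMPv6 cases.

```python
import struct

ETH_P_ARP = 0x0806

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def _ip(b):
    return ".".join(str(x) for x in b)

def check_arp_frame(frame, allowed_pairs):
    """Return anti-spoof violations for one untagged Ethernet frame from a port.

    allowed_pairs: set of (mac, ipv4) the port may use (assumed to come from
    the port's fixed IPs and allowed address pairs).
    """
    if len(frame) < 14:
        return ["truncated_ethernet_header"]
    eth_src = _mac(frame[6:12])
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return []  # not ARP: outside what this check covers
    arp = frame[14:]
    if len(arp) < 28:
        return ["truncated_arp_payload"]
    if struct.unpack("!HHBB", arp[:6]) != (1, 0x0800, 6, 4):
        return ["unexpected_arp_format"]
    sha, spa = _mac(arp[8:14]), _ip(arp[14:18])
    macs = {m for m, _ in allowed_pairs}
    found = []
    if eth_src not in macs:
        found.append("eth_src_not_allowed")
    if sha != eth_src:
        found.append("sha_differs_from_eth_src")
    # An ARP probe (RFC 5227) carries sender IP 0.0.0.0; only its MAC is checked.
    bad = sha not in macs if spa == "0.0.0.0" else (sha, spa) not in allowed_pairs
    if bad:
        found.append("sender_pair_not_allowed")
    return found

def build_arp(eth_src, sha, spa, tpa="10.0.0.1"):
    """Build a constructed broadcast ARP request used as sample input."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(o) for o in a.split("."))
    eth = b"\xff" * 6 + mac(eth_src) + struct.pack("!H", ETH_P_ARP)
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + mac(sha) + ip(spa) + bytes(6) + ip(tpa)

PORT = {("fa:16:3e:00:00:01", "10.0.0.5")}  # constructed port binding
if __name__ == "__main__":
    me = "fa:16:3e:00:00:01"
    print(check_arp_frame(build_arp(me, me, "10.0.0.5"), PORT))  # own address
    print(check_arp_frame(build_arp(me, me, "10.0.0.1"), PORT))  # foreign sender IP
```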
Created openstack-neutron tracking bugs for this issue:

Affects: fedora-all [bug 1349669]
Affects: openstack-rdo [bug 1349670]
This issue has been addressed in the following products:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7

Via RHSA-2016:1474 https://access.redhat.com/errata/RHSA-2016:1474
This issue has been addressed in the following products:

Red Hat OpenStack Platform 8.0 (Liberty)

Via RHSA-2016:1473 https://access.redhat.com/errata/RHSA-2016:1473