Bug 1695883 (CVE-2019-10876) - CVE-2019-10876 openstack-neutron: DOS via broken port range merging in security group
Summary: CVE-2019-10876 openstack-neutron: DOS via broken port range merging in securi...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-10876
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1695884 1695450 1695451 1695912
Blocks: 1695885
TreeView+ depends on / blocked
 
Reported: 2019-04-03 20:26 UTC by Pedro Sampaio
Modified: 2019-09-29 15:10 UTC (History)
15 users (show)

Fixed In Version: neutron 11.0.7, neutron 12.0.6, neutron 13.0.3
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-10 10:53:15 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:0879 None None None 2019-04-30 17:35:14 UTC
Red Hat Product Errata RHSA-2019:0935 None None None 2019-04-30 17:23:36 UTC

Description Pedro Sampaio 2019-04-03 20:26:37 UTC
A flaw was found in openstack-neutron. When merging port ranges, the code never assumed the conjunction ID might not be present in the set due to
already being removed. This can lead to server crash and denial of service.

Upstream patch:

https://review.openstack.org/#/c/640252/
https://review.openstack.org/#/c/648102/2
https://review.openstack.org/#/c/648004/2
https://review.openstack.org/#/c/648003/2
https://review.openstack.org/#/c/648002/2

References:

https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1813007
https://bugs.launchpad.net/ossa/+bug/1813007
https://review.openstack.org/#/q/topic:bug/1813007

Comment 1 Pedro Sampaio 2019-04-03 20:26:46 UTC
Created openstack-neutron tracking bugs for this issue:

Affects: openstack-rdo [bug 1695884]

Comment 2 Joshua Padman 2019-04-03 21:25:52 UTC
Introduced in the following upstream committ.
https://github.com/openstack/neutron/commit/237ec30ca94322716a1af5e59c0960f0eef24194

Comment 5 Joshua Padman 2019-04-15 23:07:54 UTC
Statement:

The pre-requisites for this vulnerability are not in Red Hat OpenStack prior to version 11, hence these versions are not affected.

Comment 6 errata-xmlrpc 2019-04-30 17:23:34 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens)

Via RHSA-2019:0935 https://access.redhat.com/errata/RHSA-2019:0935

Comment 7 errata-xmlrpc 2019-04-30 17:35:13 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 14.0 (Rocky)

Via RHSA-2019:0879 https://access.redhat.com/errata/RHSA-2019:0879


Note You need to log in before you can comment on or make changes to this bug.