The below vulnerability in Neutron was reported [1]: By creating 8 routers and assigning each of them a non-provider ipv6 subnet, a malicious user may block router update processing for all tenants, potentially resulting in a Denial of Service. Only Neutron setups running with radvd 2.0+ are affected. Patches ~~~~~~~ - https://review.openstack.org/141575 (Juno) - https://review.openstack.org/138688 (Kilo)
FYI the only place where we run with radvd 2.+ is Fedora Rawhide, and this will be fixed during the next rebase to latest Juno release.
Upstream bug is here: https://bugs.launchpad.net/neutron/+bug/1398779 And the upstream announcement is here: http://lists.openstack.org/pipermail/openstack-announce/2015-January/000320.html Statement: Not vulnerable. This issue did not affect the versions of openstack-neutron as shipped with Red Hat Enterprise Linux OpenStack Platform 4 or 5.