Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2014:1339
HistorySep 30, 2014 - 12:00 a.m.

(RHSA-2014:1339) Low: openstack-neutron security and bug fix update

2014-09-3000:00:00
access.redhat.com
15

0.005 Low

EPSS

Percentile

76.1%

JSON

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven
system that provisions networking services to virtual machines. Its main
function is to manage connectivity to and from virtual machines. As of Red
Hat Enterprise Linux OpenStack Platform 4.0, ‘neutron’ replaces ‘quantum’
as the core component of OpenStack Networking.

It was discovered that the openstack-neutron package in Red Hat Enterprise
Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6 was released
with a sudoers file containing a configuration error. This error caused
OpenStack Networking to be vulnerable to the CVE-2013-6433 issue.
(CVE-2014-3632)

This update also fixes the following bugs:

  • Prior to this update, the Open vSwitch agent failed to process ports on
    the integration bridge that quickly disappeared and reappeared during the
    processing loop. When such a failure occurred, the processing of the port
    was aborted (which is the correct behavior), but it was also marked as
    processed, meaning that the next updates for the port were not applied when
    it reappeared later. As a consequence, some ports were not VLAN-tagged
    correctly, and that resulted in no network connectivity for those instances
    that were bound to those ports. With this update, ports that are not on the
    integration bridge are still not processed but also not marked as such.
    Ports that disappear and then reappear later on the integration bridge are
    processed correctly, and VLAN tag updates are properly applied.
    (BZ#1123053)

  • This update fixes an issue that caused connectivity to be dropped when
    restarting the openvswitch service with l2pop enabled. (BZ#1120719)

  • Due to an incorrect version of the python-httplib2 package specified in
    the spec file, when a large amount of virtual machines (VMs) was launched,
    some of the VMs could be assigned two private IP addresses. (BZ#1126451)

All openstack-neutron users are advised to upgrade to these updated
packages, which correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHat6noarchopenstack-neutron-plumgrid< 2014.1.2-4.el6ostopenstack-neutron-plumgrid-2014.1.2-4.el6ost.noarch.rpm
RedHat6noarchopenstack-neutron-nec< 2014.1.2-4.el6ostopenstack-neutron-nec-2014.1.2-4.el6ost.noarch.rpm
RedHat6noarchopenstack-neutron-brocade< 2014.1.2-4.el6ostopenstack-neutron-brocade-2014.1.2-4.el6ost.noarch.rpm
RedHat6noarchopenstack-neutron-ofagent< 2014.1.2-4.el6ostopenstack-neutron-ofagent-2014.1.2-4.el6ost.noarch.rpm
RedHat6noarchopenstack-neutron-ibm< 2014.1.2-4.el6ostopenstack-neutron-ibm-2014.1.2-4.el6ost.noarch.rpm
RedHat6noarchopenstack-neutron-openvswitch< 2014.1.2-4.el6ostopenstack-neutron-openvswitch-2014.1.2-4.el6ost.noarch.rpm
RedHat6noarchopenstack-neutron-oneconvergence-nvsd< 2014.1.2-4.el6ostopenstack-neutron-oneconvergence-nvsd-2014.1.2-4.el6ost.noarch.rpm
RedHat6noarchopenstack-neutron-vpn-agent< 2014.1.2-4.el6ostopenstack-neutron-vpn-agent-2014.1.2-4.el6ost.noarch.rpm
RedHat6noarchopenstack-neutron-vmware< 2014.1.2-4.el6ostopenstack-neutron-vmware-2014.1.2-4.el6ost.noarch.rpm
RedHat6noarchopenstack-neutron-ryu< 2014.1.2-4.el6ostopenstack-neutron-ryu-2014.1.2-4.el6ost.noarch.rpm
Rows per page:
1-10 of 221

Related

ubuntucve 3
cve 2
veracode 3
nvd 2
cvelist 2
prion 2
nessus 2
debiancve 2
redhat 1
openvas 1
ubuntu 1
securityvulns 1
ubuntucve
ubuntucve
CVE-2014-3632
2014-10-07 00:00:00
CVE-2013-6433
2014-06-02 00:00:00
CVE-2013-1068
2014-06-17 00:00:00
cve
cve
CVE-2014-3632
2014-10-07 14:55:04
CVE-2013-6433
2014-06-02 15:55:10
veracode
veracode
Privilege Escalation
2019-01-15 09:02:09
Privilege Escalation
2019-01-15 09:01:48
Information Disclosure
2019-05-02 04:58:09
nvd
nvd
CVE-2014-3632
2014-10-07 14:55:04
CVE-2013-6433
2014-06-02 15:55:10
cvelist
cvelist
CVE-2014-3632
2014-10-07 14:00:00
CVE-2013-6433
2014-06-02 15:00:00
prion
prion
Design/Logic Flaw
2014-10-07 14:55:00
Default configuration
2014-06-02 15:55:00
nessus
nessus
RHEL 6 : openstack-neutron (RHSA-2014:1339)
2024-04-24 00:00:00
Ubuntu 14.04 LTS : OpenStack Neutron vulnerabilities (USN-2255-1)
2014-06-26 00:00:00
debiancve
debiancve
CVE-2014-3632
2014-10-07 14:55:04
CVE-2013-6433
2014-06-02 15:55:10
redhat
redhat
(RHSA-2014:0516) Moderate: openstack-neutron security, bug fix, and enhancement update
2014-05-29 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2255-1)
2014-07-01 00:00:00
ubuntu
ubuntu
OpenStack Neutron vulnerabilities
2014-06-25 00:00:00
securityvulns
securityvulns
OpenStack multiple security vulnerabilities
2014-08-24 00:00:00

0.005 Low

EPSS

Percentile

76.1%

JSON
Related for RHSA-2014:1339
ubuntucve3cve2veracode3nvd2cvelist2prion2nessus2debiancve2redhat1openvas1ubuntu1securityvulns1