yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #22126
[Bug 1309195] Re: [OSSA 2014-019] IPv6 prefix shouldn't be added in the NAT table (CVE-2014-4167)
** Changed in: neutron/havana
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1309195
Title:
[OSSA 2014-019] IPv6 prefix shouldn't be added in the NAT table
(CVE-2014-4167)
Status in OpenStack Neutron (virtual network service):
Fix Released
Status in neutron havana series:
Fix Released
Status in neutron icehouse series:
Fix Released
Status in OpenStack Security Advisories:
Fix Released
Bug description:
SNAT rules with IPv6 prefixes are added into the NAT table, which
causes failure with the call to iptables-restore:
Stderr: "iptables-restore v1.4.18: invalid mask `64' specified\nError
occurred at line: 22\nTry `iptables-restore -h' or 'iptables-restore
--help' for more information.\n"
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1309195/+subscriptions
References