← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1309195] Re: [OSSA 2014-019] IPv6 prefix shouldn't be added in the NAT table (CVE-2014-4167)

 

** Changed in: neutron/havana
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1309195

Title:
  [OSSA 2014-019] IPv6 prefix shouldn't be added in the NAT table
  (CVE-2014-4167)

Status in OpenStack Neutron (virtual network service):
  Fix Released
Status in neutron havana series:
  Fix Released
Status in neutron icehouse series:
  Fix Released
Status in OpenStack Security Advisories:
  Fix Released

Bug description:
  SNAT rules with IPv6 prefixes are added into the NAT table, which
  causes failure with the call to iptables-restore:

  Stderr: "iptables-restore v1.4.18: invalid mask `64' specified\nError
  occurred at line: 22\nTry `iptables-restore -h' or 'iptables-restore
  --help' for more information.\n"

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1309195/+subscriptions


References