yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #24832
[Bug 1378450] Re: [OSSA 2014-039] Maliciously crafted dns_nameservers will crash neutron (CVE-2014-7821)
** Changed in: ossa
Assignee: (unassigned) => Tristan Cacqueray (tristan-cacqueray)
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1378450
Title:
[OSSA 2014-039] Maliciously crafted dns_nameservers will crash neutron
(CVE-2014-7821)
Status in OpenStack Neutron (virtual network service):
Fix Committed
Status in neutron icehouse series:
Fix Committed
Status in neutron juno series:
Fix Committed
Status in OpenStack Security Advisories:
Fix Released
Bug description:
The following request body will crash neutron nodes.
{"subnet": {"network_id": "2aeb163a-a415-4568-bb9e-9c0ac93d54e4", "ip_version": 4,
"cidr": "192.168.1.3/16",
"dns_nameservers": ["111111111111111111111111111111111111111111111111111111111111"]}}
Even strace stops logging.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1378450/+subscriptions