yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #31381
[Bug 1378450] Re: [OSSA 2014-039] Maliciously crafted dns_nameservers will crash neutron (CVE-2014-7821)
** Changed in: neutron/juno
Importance: Undecided => High
** Changed in: neutron/juno
Status: Fix Released => Fix Committed
** Changed in: neutron/juno
Milestone: 2014.2.1 => 2014.2.3
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1378450
Title:
[OSSA 2014-039] Maliciously crafted dns_nameservers will crash neutron
(CVE-2014-7821)
Status in OpenStack Neutron (virtual network service):
Fix Released
Status in neutron icehouse series:
Fix Committed
Status in neutron juno series:
Fix Committed
Status in OpenStack Security Advisories:
Fix Released
Bug description:
The following request body will crash neutron nodes.
{"subnet": {"network_id": "2aeb163a-a415-4568-bb9e-9c0ac93d54e4", "ip_version": 4,
"cidr": "192.168.1.3/16",
"dns_nameservers": ["111111111111111111111111111111111111111111111111111111111111"]}}
Even strace stops logging.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1378450/+subscriptions