
yahoo-eng-team team mailing list archive

[Bug 1721063] Re: vulnerability in dnsmasq

 

Triaged as vulnerability report class C2, "A vulnerability, but not in
OpenStack supported code, e.g., in a dependency"
(https://security.openstack.org/vmt-process.html#incident-report-taxonomy).
As such, there will be no advisory, but work is already underway on a
security note about this: https://review.openstack.org/509160

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Won't Fix

** Information type changed from Public Security to Public

** Tags added: security

** Also affects: ossn
   Importance: Undecided
       Status: New

** Changed in: ossn
       Status: New => In Progress

** Changed in: ossn
     Assignee: (unassigned) => Luke Hinds (lhinds)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1721063

Title:
  vulnerability in dnsmasq

Status in neutron:
  Won't Fix
Status in OpenStack Security Advisory:
  Won't Fix
Status in OpenStack Security Notes:
  In Progress

Bug description:
  As per [1], [2], there have been some vulnerability issues in dnsmasq.
  These have been fixed in dnsmasq version 2.78.
  In order to avoid the vulnerabilities, it would be advisable to update dnsmasq to version 2.78.
  [1]: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
  [2]: https://thehackernews.com/2017/10/dnsmasq-network-services.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29&_m=3n.009a.1592.dj0ao06ba4.yhy

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1721063/+subscriptions

