Ubuntu Update For Neutron USN-2321-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Liping Mao discovered that OpenStack Neutron did not properly handle requests for a large number of allowed address pairs. A remote authenticated attacker could exploit this to cause a denial of service. (CVE-2014-3555) Zhi Kun Liu discovered that OpenStack Neutron incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests. (CVE-2014-4615)

Affected

neutron on Ubuntu 14.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-August/002631.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-3555, CVE-2014-4615

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Ubuntu Update for bogofilter vulnerability USN-980-1
Ubuntu Update for backuppc USN-1444-1
Ubuntu Update for apache2 USN-2299-1
Ubuntu Update for cinder USN-2405-1
Ubuntu Update for compiz-fusion-plugins-main vulnerability USN-688-1

Ubuntu Update for neutron USN-2321-1

Take action and discover your vulnerabilities