Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:0275: Red Hat Security Advisory: Red Hat OpenStack Platform 17.0 (openstack-neutron) security update

An update for openstack-neutron is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-3277: openstack-neutron: unrestricted creation of security groups
Red Hat Security Data
#vulnerability#mac#linux#red_hat

Issued:

2023-01-25

Updated:

2023-01-25

RHSA-2023:0275 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: Red Hat OpenStack Platform 17.0 (openstack-neutron) security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-neutron is now available for Red Hat OpenStack
Platform 17.0 (Wallaby).

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

OpenStack Networking (neutron) is a virtual network service for OpenStack.
Just as OpenStack Compute (nova) provides an API to dynamically request and
configure virtual servers, OpenStack Networking provides an API to
dynamically request and configure virtual networks. These networks connect
‘interfaces’ from other OpenStack services (e.g. virtual NICs from Compute
VMs). The OpenStack Networking API supports extensions to provide advanced
network capabilities (e.g. QoS, ACLs, network monitoring, etc.)

Security Fix(es):

  • unrestricted creation of security groups (CVE-2022-3277)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Affected Products

  • Red Hat OpenStack 17 x86_64

Fixes

  • BZ - 2119137 - [ovn] two subnets with the same cidr can be connected to one router
  • BZ - 2120409 - [RHOS-17] Parent port remains DOWN after live migration with trunk port and OVN
  • BZ - 2121098 - [PerfCI][OVN RAFT][17.0] BrowbeatPlugin.router_subnet_create_delete fails randomly with 504 Gateway Time-out
  • BZ - 2122128 - neutron revision_number does not bump on network update
  • BZ - 2125061 - [OVN][DVR][VLAN] some FIP’s are unreachable
  • BZ - 2125159 - Neutron Designate DNS integration ? use case #3 ?Ports are published directly in the external DNS service? fails
  • BZ - 2127230 - Neutron server doesn’t start
  • BZ - 2128923 - TRY_AGAIN messages can flood neutron logs
  • BZ - 2129193 - CVE-2022-3277 openstack-neutron: unrestricted creation of security groups
  • BZ - 2132152 - Neutron server may hang during startup
  • BZ - 2132228 - [OVS][DVR] Tobiko test DvrRouterNamespaceTest
  • BZ - 2132405 - [rhos 17.0] OVN transaction could not be completed due to a race condition
  • BZ - 2144564 - After a minor update, connectiviy issues between a new instance and metadata.

Red Hat OpenStack 17

SRPM

openstack-neutron-18.4.1-0.20221128170741.5258354.el9ost.src.rpm

SHA-256: dbfc63bea3227916ad21d4aaf3ec0e5b73d16d4839e177a36b45a6ed4633368b

x86_64

openstack-neutron-18.4.1-0.20221128170741.5258354.el9ost.noarch.rpm

SHA-256: 0b3937357d630fd4d7bcf3438aeb09a33d494b98613d0c05cf96e0e75e15b38b

openstack-neutron-common-18.4.1-0.20221128170741.5258354.el9ost.noarch.rpm

SHA-256: f171b15f65c0ec96c0822c05aa694a64cdd99b4fb352d869f553dd9f60f69091

openstack-neutron-linuxbridge-18.4.1-0.20221128170741.5258354.el9ost.noarch.rpm

SHA-256: 33026678b74b643aced12db9146f6ed0ce6dff1bb4affdca6a070de623e105b0

openstack-neutron-macvtap-agent-18.4.1-0.20221128170741.5258354.el9ost.noarch.rpm

SHA-256: eb86a85107b1e26d1283820a8ac1ee99e6821caa53d0a580c95f3d6e0b182ae3

openstack-neutron-metering-agent-18.4.1-0.20221128170741.5258354.el9ost.noarch.rpm

SHA-256: 63d1ca8a4748802d5ff43620db2edca78a82c86ff391e902bbfc54d49ee5637b

openstack-neutron-ml2-18.4.1-0.20221128170741.5258354.el9ost.noarch.rpm

SHA-256: 04db58313c9b8ff609458de625d6814968647d26b4e59fb8984dbc60e447092a

openstack-neutron-openvswitch-18.4.1-0.20221128170741.5258354.el9ost.noarch.rpm

SHA-256: b3b609f3e7cc5e60ae903120a981015f6a4b6d883760f724b2dbd13c6b4e206b

openstack-neutron-ovn-metadata-agent-18.4.1-0.20221128170741.5258354.el9ost.noarch.rpm

SHA-256: 090c5d39e00db52b44bfe19d275f20038fd6c53d3a1455f0b0710637b475db80

openstack-neutron-ovn-migration-tool-18.4.1-0.20221128170741.5258354.el9ost.noarch.rpm

SHA-256: f62e95db2bde4055c67655290c9fe83d5004c48afe4a9b74a55ef4d22f4bed75

openstack-neutron-rpc-server-18.4.1-0.20221128170741.5258354.el9ost.noarch.rpm

SHA-256: 06a25d953ba646ce254203146e2a4ab3ca9bf67976781b2d59195b82187bd2ec

openstack-neutron-sriov-nic-agent-18.4.1-0.20221128170741.5258354.el9ost.noarch.rpm

SHA-256: f0841d41591cc54fa1e094d1b0702735bd13e743100afdaf23a08a37f725229c

python3-neutron-18.4.1-0.20221128170741.5258354.el9ost.noarch.rpm

SHA-256: 73fce308c3c6dfc029eb2f491cfa0a687676e6a2cde3ac864451abbbc1dcede7

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-4283-01

Red Hat Security Advisory 2023-4283-01 - OpenStack Networking is a virtual network service for OpenStack. Just as OpenStack Compute provides an API to dynamically request and configure virtual servers, OpenStack Networking provides an API to dynamically request and configure virtual networks. These networks connect 'interfaces' from other OpenStack services. The OpenStack Networking API supports extensions to provide advanced network capabilities.

RHSA-2023:4283: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (openstack-neutron) security update

An update for openstack-neutron is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3637: An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this c...

Ubuntu Security Notice USN-6067-1

Ubuntu Security Notice 6067-1 - David Sinquin discovered that OpenStack Neutron incorrectly handled the default Open vSwitch firewall rules. An attacker could possibly use this issue to impersonate the IPv6 addresses of other systems on the network. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Jake Yip and Justin Mammarella discovered that OpenStack Neutron incorrectly handled the linuxbridge driver when ebtables-nft is being used. An attacker could possibly use this issue to impersonate the hardware address of other systems on the network. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

CVE-2022-3277: Bug #1988026 “Neutron should not create security group with proj...” : Bugs : neutron

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.

Red Hat Security Advisory 2023-0275-01

Red Hat Security Advisory 2023-0275-01 - OpenStack Networking is a virtual network service for OpenStack. Just as OpenStack Compute provides an API to dynamically request and configure virtual servers, OpenStack Networking provides an API to dynamically request and configure virtual networks. These networks connect 'interfaces' from other OpenStack services. The OpenStack Networking API supports extensions to provide advanced network capabilities.

Red Hat Security Advisory 2022-8870-01

Red Hat Security Advisory 2022-8870-01 - An update for openstack-neutron is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

Red Hat Security Advisory 2022-8855-01

Red Hat Security Advisory 2022-8855-01 - OpenStack Networking is a virtual network service for OpenStack. Just as OpenStack Compute provides an API to dynamically request and configure virtual servers, OpenStack Networking provides an API to dynamically request and configure virtual networks. These networks connect 'interfaces' from other OpenStack services. The OpenStack Networking API supports extensions to provide advanced network capabilities.

RHSA-2022:8870: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (openstack-neutron) security update

An update for openstack-neutron is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3277: openstack-neutron: unrestricted creation of security groups

RHSA-2022:8855: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (openstack-neutron) security update

An update for openstack-neutron is now available for Red Hat OpenStack Platform 16.2.4 (Train) for Red Hat Enterprise Linux (RHEL) 8.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3277: openstack-neutron: unrestricted creation of security groups