Candidate: CVE-2019-10876
PublicDate: 2019-04-05 05:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10876
 https://review.openstack.org/#/q/topic:bug/1813007
Description:
 An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x
 before 12.0.6, and 13.x before 13.0.3. By creating two security groups with
 separate/overlapping port ranges, an authenticated user may prevent Neutron
 from being able to configure networks on any compute nodes where those
 security groups are present, because of an Open vSwitch (OVS) firewall
 KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are
 affected.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ossa/+bug/1813007
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926502
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [6.5 MEDIUM]


Patches_neutron:
 upstream: https://review.openstack.org/648004 (queens, 12.0.x)
 upstream: https://review.openstack.org/648003 (rocky, 13.0.x)
upstream_neutron: released (2:13.0.2-15)
precise/esm_neutron: DNE
trusty_neutron: not-affected (code not present)
trusty/esm_neutron: DNE (trusty was not-affected [code not present])
xenial_neutron: not-affected (code not present)
esm-infra/xenial_neutron: not-affected (code not present)
bionic_neutron: released (2:12.0.5-0ubuntu3)
cosmic_neutron: released (2:13.0.2-0ubuntu3)
disco_neutron: not-affected (2:14.0.0~b1~git2018120609.2e720b158b-0ubuntu2)
devel_neutron: not-affected (2:14.0.0~b1~git2018120609.2e720b158b-0ubuntu2)