CVE-2019-9735 (retired)

Priority
Description
An issue was discovered in the iptables firewall module in OpenStack
Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x
before 13.0.3. By setting a destination port in a security group rule along
with a protocol that doesn't support that option (for example, VRRP), an
authenticated user may block further application of security group rules
for instances from any project/tenant on the compute hosts to which it's
applied. (Only deployments using the iptables security group driver are
affected.)
Assigned-to
mdeslaur
Package
Upstream: released (2:13.0.2-13)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus): released (2:8.4.0-0ubuntu7.4)
Ubuntu 18.04 LTS (Bionic Beaver): released (2:12.0.6-0ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish): released (2:13.0.2-0ubuntu3.4)
Ubuntu 19.04 (Disco Dingo): not-affected (2:14.0.0~b1~git2018120609.2e720b158b-0ubuntu2)
Ubuntu 19.10 (Eoan): not-affected (2:14.0.0~b1~git2018120609.2e720b158b-0ubuntu2)
Patches:
Upstream: https://review.openstack.org/640685 (rocky, 13.0.x)
Upstream: https://review.openstack.org/640702 (queens, 12.0.x)
Upstream: https://review.openstack.org/640790 (pike, 11.0.x)
Upstream: https://review.openstack.org/640791 (ocata, 10.0.x)

Updated: 2019-06-25 14:15:03 UTC (commit fb4c4360fd0a8fb944c65030df15e42a767b5ff2)