Created attachment 598660 [details]
suggested patch stable havana

Created attachment 598662 [details]
suggested patch stable icehouse

bugbot adjusting priority

Affected packages:

SLE-11-SP3-CLOUD4: openstack-neutron
SLE-11-SP3-PRODUCTS: openstack-neutron
SLE-11-SP3-UPTU: openstack-neutron

OpenStack Security Advisory: 2014-025
CVE: CVE-2014-3555
Date: July 17, 2014
Title: Denial of Service in Neutron allowed address pair
Reporter: Liping Mao (Cisco)
Products: Neutron
Versions: up to 2013.2.3, and 2014.1 versions up to 2014.1.1

Description:
Liping Mao from Cisco reported a denial of service vulnerability in
Neutron's handling of allowed address pair. By creating a large number
of allowed address pairs, an authenticated user may overwhelm neutron
firewall rules and render compute nodes unusable. All Neutron setups are
affected.

Juno (development branch) fix:
https://review.openstack.org/107734

Icehouse fix:
https://review.openstack.org/107733

Havana fix:
https://review.openstack.org/107731

Notes:
This fix will be included in the Juno-2 development milestone and in
future 2013.2.4 and 2014.1.2 releases.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3555
https://launchpad.net/bugs/1336207

--
Tristan Cacqueray
OpenStack Vulnerability Management Team

submitted
https://build.suse.de/request/show/41740 Cloud3 / openstack-neutron

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2014-08-12.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58458

SUSE-SU-2014:1034-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 887348
CVE References: CVE-2014-3555
Sources used:
SUSE Cloud 3 (src):    openstack-neutron-2013.2.4.dev93.gf569afd-0.7.1, openstack-neutron-doc-2013.2.4.dev93.gf569afd-0.7.1

Fix was released. Closing bug.

resolved, fixed and released.