CVE-2014-4167

Published: 18 June 2014

The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.

Priority

Medium

Status

Package Release Status
neutron
Launchpad, Ubuntu, Debian
Upstream Pending
(2013.2.4, 1:2014.1.1-0ubuntu1, 2014.2.b1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:2014.1-0ubuntu1.3])
Patches:
Upstream: https://review.openstack.org/95939 (havana)
Upstream: https://review.openstack.org/95938 (icehouse)
Upstream: https://review.openstack.org/88584 (juno)