CVE-2014-7821
Published: 24 November 2014
OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.
Priority
Status
Package | Release | Status |
---|---|---|
neutron Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was released [1:2014.1.4-0ubuntu1])
|
|
Patches: Upstream: https://git.openstack.org/cgit/openstack/neutron/commit/?id=ab7ea069de5cecf1c26af50996a26e1a7f86def4 (icehouse) Upstream: https://git.openstack.org/cgit/openstack/neutron/commit/?id=d39349cf47dfe9ac3f52089402d69cd1be8b013b (icehouse) |
Notes
Author | Note |
---|---|
mdeslaur | perhaps the following commit should also be used: https://git.openstack.org/cgit/openstack/neutron/commit/?h=stable/icehouse&id=d39349cf47dfe9ac3f52089402d69cd1be8b013b |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7821
- http://lists.openstack.org/pipermail/openstack-announce/2014-December/000309.html
- NVD
- Launchpad
- Debian