Fedora 20: openstack-neutron Security Update

    Date21 Apr 2015
    CategoryFedora
    65
    Posted ByLinuxSecurity Advisories
    2013.2.4 rebase; CVE-2014-7821 fixed.
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2015-5997
    2015-04-11 04:34:30
    --------------------------------------------------------------------------------
    
    Name        : openstack-neutron
    Product     : Fedora 20
    Version     : 2013.2.4
    Release     : 8.fc20
    URL         : http://launchpad.net/neutron/
    Summary     : OpenStack Networking Service
    Description :
    Neutron is a virtual network service for Openstack. Just like
    OpenStack Nova provides an API to dynamically request and configure
    virtual servers, Neutron provides an API to dynamically request and
    configure virtual networks. These networks connect "interfaces" from
    other OpenStack services (e.g., virtual NICs from Nova VMs). The
    Neutron API supports extensions to provide advanced network
    capabilities (e.g., QoS, ACLs, network monitoring, etc.)
    
    --------------------------------------------------------------------------------
    Update Information:
    
    2013.2.4 rebase; CVE-2014-7821 fixed.
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Thu Apr  9 2015 Ihar Hrachyshka  2013.2.4-8
    - CVE-2014-7821: Fix hostname validation for nameservers, rhbz#1165887
    - CVE-2014-7821: Fix hostname regex pattern, rhbz#1165887
    * Fri Oct 10 2014 Ihar Hrachyshka  2013.2.4-7
    - Readded python-pbr as dependency (was dropped during el6-havana merge).
    * Fri Oct 10 2014 Ihar Hrachyshka  2013.2.4-6
    - Fixed an error in %pre rule that adds neutron user that was introduced
      during el6-havana branch merged.
    * Wed Oct  8 2014 Ihar Hrachyshka  2013.2.4-5
    - use parallel installed versions in RHEL6
    * Mon Sep 29 2014 Ihar Hrachyshka  2013.2.4-4
    - enforce force_gateway_on_subnet=True in neutron-dist.conf, rhbz#1090553
    * Thu Sep 25 2014 Ihar Hrachyshka  2013.2.4-3
    - Forbid regular users to reset admin-only attrs to default values, rhbz#1142013
    * Mon Sep 22 2014 Ihar Hrachyshka  2013.2.4-2
    - Merged in el6-havana branch, resolving conflicts between platforms
      with if-else conditionals. This is needed because el6-havana was
      (erroneously) locked when locking el6 branch.
    * Mon Sep 22 2014 Ihar Hrachyshka  2013.2.4-1
    - Update to upstream 2013.2.4
    * Wed Jul 23 2014 Ihar Hrachyshka  2013.2.3-13
    - no quota for allowed address pair, rhbz#1122428
    * Wed Jul 16 2014 Miguel Ángel Ajo  2013.2.3-12
    - Moved all plugin sources to python-neutron to avoid breaking
      hidden upstream dependencies from agents to plugins, etc.
      fixes rhbz#1120146
    - Removed the hyper-v agent exclude.
    - Added a few LICENSE files to packages that missed it.
    * Tue Jun 24 2014 Ihar Hrachyshka  2013.2.3-11
    - Send SIGTERM signal only to parent process when stopping neutron
      service, bz#1110642
    * Tue Jun 24 2014 Ihar Hrachyshka  2013.2.3-10
    - Notify systemd when starting Neutron server, bz#1063427
    * Tue Jun 17 2014 Ihar Hrachyshka  2013.2.3-9
    - Install SNAT rules for ipv4 only, bz#1110142
    * Wed Jun 11 2014 Ihar Hrachyshka  2013.2.3-8
    - Ensure routing key is specified in the address for a direct producer, bz#1108025
    * Mon May 19 2014 Ihar Hrachyshka  2013.2.3-7
    - netaddr<=0.7.10 raises ValueError instead of AddrFormatError, bz#1090137
    * Mon May 19 2014 Ihar Hrachyshka  2013.2.3-6
    - Validate CIDR given as ip-prefix in security-group-rule-create, bz#1090137
    * Thu May 15 2014 Ihar Hrachyshka  2013.2.3-5
    - Make neutron-vpn-agent read fwaas_driver.ini, bz#1098121
    * Mon Apr 28 2014 Ihar Hrachyshka  2013.2.3-4
    - Removed signing_dir from neutron.conf (bz#1050842)
    - Sync service and systemd modules from oslo-incubator (bz#1063427)
    * Thu Apr 10 2014 Ihar Hrachyshka  2013.2.3-2
    - Remove signing_dir from neutron-dist.conf, bz#1050842
    * Thu Apr 10 2014 Miguel Angel Ajo  2013.2.3-1
    - Update to upstream 2013.2.3
    * Wed Feb 19 2014 Pádraig Brady  - 2013.2.2-2
    - Update to havana stable release 2013.2.2
    - Sync up Quantum renaming changes from el6 branch
    * Fri Jan 24 2014 Terry Wilson  - 2013.2.1-3
    - Remove requirements.txt, bz#1057615
    * Tue Jan  7 2014 Terry Wilson  - 2013.2.1-1
    - Add python-psutil requirement for openvswitch agent, bz#1049235
    * Wed Dec 18 2013 Pádraig Brady  - 2013.2.1-1
    - Update to havana stable release 2013.2.1
    * Tue Dec 10 2013 Terry Wilson  - 2013.2-6
    - Add rootwrap.conf limitation to sudoers.d/neutron, bz#984097
    - neutron-server-setup: support mariadb
    * Wed Dec  4 2013 Terry Wilson  - 2013.2-5
    - Add missing debug and vpnaas rootwrap filters, bz#1034207
    * Mon Dec  2 2013 Terry Wilson  - 2013.2-4
    - Replace quantum references in neutron-dist.conf
    * Wed Nov 13 2013 Terry Wilson  - 2013.2-3
    - Add dnsmasq-utils dependency
    * Wed Oct 30 2013 Terry Wilson  - 2013.2-2
    - Better support for upgrading from grizzly to havana
    - Update dependencies on python-{babel,keystoneclient,oslo-config}
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1165887 - CVE-2014-7821 openstack-neutron: DoS via maliciously crafted dns_nameservers [fedora-all]
            https://bugzilla.redhat.com/show_bug.cgi?id=1165887
    --------------------------------------------------------------------------------
    
    This update can be installed with the "yum" update program.  Use
    su -c 'yum update openstack-neutron' at the command line.
    For more information, refer to "Managing Software with yum",
    available at http://docs.fedoraproject.org/yum/.
    
    All packages are signed with the Fedora Project GPG key.  More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://admin.fedoraproject.org/mailman/listinfo/package-announce
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"4","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":28.57,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":14.29,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.