Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 544
Alerts This Week
Warning Icon 1 544

Ubuntu 14.04 LTS USN-2408-1 Critical: Neutron Access Control Issue

ubuntu
Calendar Grey November 11, 2014
Scroller Ubuntu Esm H88
The OpenStack Neutron service has encountered a critical security flaw that may lead to unauthorized visibility of network settings. It is crucial to update your Ubuntu system immediately.
OpenStack Neutron would allow unintended access to configuration over the network.

Summary

OpenStack Neutron would allow unintended access to configuration over the

network.

Software Description:

- neutron: OpenStack Virtual Network Service

Details:

Elena Ezhova discovered that OpenStack Neutron did not properly perform

access control checks for attributes. A remote authenticated attacker could

exploit this to bypass intended access controls and reset admin-only

attributes to default values.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  python-neutron                  1:2014.1.3-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2408-1

CVE-2014-6414

Severity
critical
Lowest
Low
Medium
High
Critical

=========================================================================Ubuntu Security Notice USN-2408-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.