Your message dated Sat, 16 Oct 2021 13:53:05 +0000
with message-id <[email protected]>
and subject line Bug#993398: fixed in neutron 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1
has caused the Debian Bug report #993398,
regarding neutron: CVE-2021-40085: Arbitrary dnsmasq reconfiguration via extra_dhcp_opts
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
993398: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993398
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: neutron
Version: 2:18.1.0-2
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://launchpad.net/bugs/1939733
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2:17.1.1-6

Hi,

The following vulnerability was published for neutron.

CVE-2021-40085[0]:
| An issue was discovered in OpenStack Neutron before 16.4.1, 17.x
| before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can
| reconfigure dnsmasq via a crafted extra_dhcp_opts value.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-40085
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40085
[1] https://launchpad.net/bugs/1939733
[2] https://www.openwall.com/lists/oss-security/2021/08/31/2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: neutron
Source-Version: 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1
Done: Thomas Goirand <[email protected]>

We believe that the bug you reported is fixed in the latest version of
neutron, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated neutron package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 01 Sep 2021 13:42:16 +0200
Source: neutron
Architecture: source
Version: 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 993398
Changes:
 neutron (2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1) buster-security; urgency=medium
 .
   * New upstream point release.
     - CVE-2021-40085: By supplying a specially crafted extra_dhcp_opts value,
       an authenticated user may add arbitrary configuration to the dnsmasq
       process in order to crash the service, change parameters for other
       tenants sharing the same interface, or otherwise alter that daemon's
       behavior. This vulnerability may also be used to trigger a configuration
       parsing buffer overflow in versions of dnsmasq prior to 2.81, which could
       lead to remote code execution. All Neutron deployments are affected.
       (Closes: #993398)
   * Add Add_a_healthcheck_URL.patch.
   * Removed patches applied upstream:
     - rootwrap-fix-for-neutron-fwaas.patch
     - CVE-2019-10876_rocky_fix_KeyError_in_OVS_firewall.patch
     - CVE-2019-9735_When_converting_sg_rules_to_iptables_do_not_emit_d....patch
   * Refreshed multiple patches.
   * Add the necessary debconf stuff to stop modifying config files on
     upgrades.
   * Add patch:
     - revert-call-install_ingress_direct_goto_flows_when_ovs_restarts.patch

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
