UbuntuUpdates.org

Package "neutron-openvswitch-agent"

Name: neutron-openvswitch-agent

Description:

Neutron is a virtual network service for Openstack - Open vSwitch plugin agent
Latest version: 2:12.1.1-0ubuntu8.1
Release: bionic (18.04)
Level: updates
Repository: main
Head package: neutron

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "neutron-openvswitch-agent"

All arch deb package
APT INSTALL

Other versions of "neutron-openvswitch-agent" in Bionic

Repository Area Version
base main 2:12.0.1-0ubuntu1
security main 2:12.1.1-0ubuntu8.1

Changelog

Version: 2:12.1.1-0ubuntu8.1 2023-05-10 15:07:12 UTC

  neutron (2:12.1.1-0ubuntu8.1) bionic-security; urgency=medium

  * SECURITY UPDATE: IPv6 impersonation in Open vSwitch firewall rules
    - debian/patches/CVE-2021-20267-1.patch: allow egress ICMPv6 only for
      known addresses in
      doc/source/contributor/internals/openvswitch_firewall.rst,
      neutron/agent/linux/openvswitch_firewall/firewall.py,
      neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py.
    - debian/patches/CVE-2021-20267-2.patch: restrict IPv6 NA and DHCP(v6)
      IP and MAC source addresses in neutron/agent/firewall.py,
      neutron/agent/linux/openvswitch_firewall/firewall.py,
      neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py.
    - CVE-2021-20267
  * SECURITY UPDATE: hardware address impersonation with ebtables-nft
    - debian/patches/CVE-2021-38598.patch: make ARP protection commands
      compatible with "ebtables-nft" in
      neutron/plugins/ml2/drivers/linuxbridge/agent/arp_protect.py,
      neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_arp_protect.py.
    - CVE-2021-38598
  * SECURITY UPDATE: dnsmasq reconfiguration issue
    - debian/patches/CVE-2021-40085.patch: remove dhcp_extra_opt value
      after first newline character in neutron/agent/linux/dhcp.py,
      neutron/tests/unit/agent/linux/test_dhcp.py.
    - CVE-2021-40085
  * SECURITY UPDATE: memory consumption via API requests
    - debian/patches/CVE-2021-40797.patch: don't use singleton in
      routes.middleware.RoutesMiddleware in neutron/api/extensions.py.
    - CVE-2021-40797
  * SECURITY UPDATE: uncontrolled resource consumption flaw
    - debian/patches/CVE-2022-3277.patch: do not allow a tenant to create a
      default SG for another one in neutron/db/securitygroups_db.py,
      neutron/tests/unit/db/test_securitygroups_db.py.
    - CVE-2022-3277

 -- Marc Deslauriers <email address hidden> Tue, 18 Apr 2023 11:23:51 -0400
Source diff to previous version
CVE-2021-20267 A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server inst
CVE-2021-38598 OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft i
CVE-2021-40085 An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsma
CVE-2021-40797 An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API reques
CVE-2022-3277 An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security gr

Version: 2:12.1.1-0ubuntu8 2021-06-16 06:06:19 UTC

  neutron (2:12.1.1-0ubuntu8) bionic; urgency=medium

  * Backport fix for TCP checksum issue (LP: #1832021)
    - d/p/0001-Workaround-for-TCP-checksum-issue-with-ovs-dpdk-and-.patch

 -- erlon <email address hidden> Mon, 26 Apr 2021 14:01:49 -0300
Source diff to previous version
1832021 Checksum drop of metadata traffic on isolated networks with DPDK

Version: 2:12.1.1-0ubuntu7 2021-05-13 10:06:22 UTC

  neutron (2:12.1.1-0ubuntu7) bionic; urgency=medium

  * Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall
    - d/p/0001-Handle-OVSFWPortNotFound-and-OVSFWTagNotFound-in-ovs.patch
      (LP: #1849098).
Source diff to previous version
1849098 ovs agent is stuck with OVSFWTagNotFound when dealing with unbound port

Version: 2:12.1.1-0ubuntu4 2021-04-08 10:06:19 UTC

  neutron (2:12.1.1-0ubuntu4) bionic; urgency=medium

  * Fix interrupt of VLAN traffic on reboot of neutron-ovs-agent:
  - d/p/0001-ovs-agent-signal-to-plugin-if-tunnel-refresh-needed.patch (LP: #1853613)
  - d/p/0002-Do-not-block-connection-between-br-int-and-br-phys-o.patch (LP: #1869808)
  - d/p/0003-Ensure-that-stale-flows-are-cleaned-from-phys_bridge.patch (LP: #1864822)
  - d/p/0004-DVR-Reconfigure-re-created-physical-bridges-for-dvr-.patch (LP: #1864822)
  - d/p/0005-Ensure-drop-flows-on-br-int-at-agent-startup-for-DVR.patch (LP: #1887148)
  - d/p/0006-Don-t-check-if-any-bridges-were-recrected-when-OVS-w.patch (LP: #1864822)
  - d/p/0007-Not-remove-the-running-router-when-MQ-is-unreachable.patch (LP: #1871850)

 -- Edward Hope-Morley <email address hidden> Mon, 22 Feb 2021 16:55:40 +0000
Source diff to previous version
1853613 VMs don't get ip from dhcp after compute restart
1864822 Openvswitch Agent - Connexion openvswitch DB Broken
1887148 Network loop between physical networks with DVR
1871850 [L3] existing router resources are partial deleted unexpectedly when MQ is gone

Version: 2:12.1.1-0ubuntu3 2021-02-03 00:07:07 UTC

  neutron (2:12.1.1-0ubuntu3) bionic; urgency=medium

  [ Chris MacNaughton ]
  * d/control: Update VCS paths for move to lp:~ubuntu-openstack-dev.

  [ Corey Bryant ]
  * d/p/ovs-fw-remote-sg-ids-left-behind.patch: Cherry-picked from upstream
    stable/queens to ensure proper cleanup of remote security group IDs when
    a security group is removed (LP: #1881157).

 -- Corey Bryant <email address hidden> Tue, 24 Nov 2020 10:33:03 -0500


About   -   Send Feedback to @ubuntu_updates