Package "neutron-server"
Name: |
neutron-server
|
Description: |
Neutron is a virtual network service for Openstack - server
|
Latest version: |
2:12.1.1-0ubuntu8.1 |
Release: |
bionic (18.04) |
Level: |
updates |
Repository: |
main |
Head package: |
neutron |
Links
Download "neutron-server"
Other versions of "neutron-server" in Bionic
Changelog
neutron (2:12.1.1-0ubuntu8.1) bionic-security; urgency=medium
* SECURITY UPDATE: IPv6 impersonation in Open vSwitch firewall rules
- debian/patches/CVE-2021-20267-1.patch: allow egress ICMPv6 only for
known addresses in
doc/source/contributor/internals/openvswitch_firewall.rst,
neutron/agent/linux/openvswitch_firewall/firewall.py,
neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py.
- debian/patches/CVE-2021-20267-2.patch: restrict IPv6 NA and DHCP(v6)
IP and MAC source addresses in neutron/agent/firewall.py,
neutron/agent/linux/openvswitch_firewall/firewall.py,
neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py.
- CVE-2021-20267
* SECURITY UPDATE: hardware address impersonation with ebtables-nft
- debian/patches/CVE-2021-38598.patch: make ARP protection commands
compatible with "ebtables-nft" in
neutron/plugins/ml2/drivers/linuxbridge/agent/arp_protect.py,
neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_arp_protect.py.
- CVE-2021-38598
* SECURITY UPDATE: dnsmasq reconfiguration issue
- debian/patches/CVE-2021-40085.patch: remove dhcp_extra_opt value
after first newline character in neutron/agent/linux/dhcp.py,
neutron/tests/unit/agent/linux/test_dhcp.py.
- CVE-2021-40085
* SECURITY UPDATE: memory consumption via API requests
- debian/patches/CVE-2021-40797.patch: don't use singleton in
routes.middleware.RoutesMiddleware in neutron/api/extensions.py.
- CVE-2021-40797
* SECURITY UPDATE: uncontrolled resource consumption flaw
- debian/patches/CVE-2022-3277.patch: do not allow a tenant to create a
default SG for another one in neutron/db/securitygroups_db.py,
neutron/tests/unit/db/test_securitygroups_db.py.
- CVE-2022-3277
-- Marc Deslauriers <email address hidden> Tue, 18 Apr 2023 11:23:51 -0400
|
Source diff to previous version |
CVE-2021-20267 |
A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server inst |
CVE-2021-38598 |
OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft i |
CVE-2021-40085 |
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsma |
CVE-2021-40797 |
An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API reques |
CVE-2022-3277 |
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security gr |
|
neutron (2:12.1.1-0ubuntu8) bionic; urgency=medium
* Backport fix for TCP checksum issue (LP: #1832021)
- d/p/0001-Workaround-for-TCP-checksum-issue-with-ovs-dpdk-and-.patch
-- erlon <email address hidden> Mon, 26 Apr 2021 14:01:49 -0300
|
Source diff to previous version |
1832021 |
Checksum drop of metadata traffic on isolated networks with DPDK |
|
neutron (2:12.1.1-0ubuntu7) bionic; urgency=medium
* Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall
- d/p/0001-Handle-OVSFWPortNotFound-and-OVSFWTagNotFound-in-ovs.patch
(LP: #1849098).
|
Source diff to previous version |
1849098 |
ovs agent is stuck with OVSFWTagNotFound when dealing with unbound port |
|
neutron (2:12.1.1-0ubuntu4) bionic; urgency=medium
* Fix interrupt of VLAN traffic on reboot of neutron-ovs-agent:
- d/p/0001-ovs-agent-signal-to-plugin-if-tunnel-refresh-needed.patch (LP: #1853613)
- d/p/0002-Do-not-block-connection-between-br-int-and-br-phys-o.patch (LP: #1869808)
- d/p/0003-Ensure-that-stale-flows-are-cleaned-from-phys_bridge.patch (LP: #1864822)
- d/p/0004-DVR-Reconfigure-re-created-physical-bridges-for-dvr-.patch (LP: #1864822)
- d/p/0005-Ensure-drop-flows-on-br-int-at-agent-startup-for-DVR.patch (LP: #1887148)
- d/p/0006-Don-t-check-if-any-bridges-were-recrected-when-OVS-w.patch (LP: #1864822)
- d/p/0007-Not-remove-the-running-router-when-MQ-is-unreachable.patch (LP: #1871850)
-- Edward Hope-Morley <email address hidden> Mon, 22 Feb 2021 16:55:40 +0000
|
Source diff to previous version |
1853613 |
VMs don't get ip from dhcp after compute restart |
1864822 |
Openvswitch Agent - Connexion openvswitch DB Broken |
1887148 |
Network loop between physical networks with DVR |
1871850 |
[L3] existing router resources are partial deleted unexpectedly when MQ is gone |
|
neutron (2:12.1.1-0ubuntu3) bionic; urgency=medium
[ Chris MacNaughton ]
* d/control: Update VCS paths for move to lp:~ubuntu-openstack-dev.
[ Corey Bryant ]
* d/p/ovs-fw-remote-sg-ids-left-behind.patch: Cherry-picked from upstream
stable/queens to ensure proper cleanup of remote security group IDs when
a security group is removed (LP: #1881157).
-- Corey Bryant <email address hidden> Tue, 24 Nov 2020 10:33:03 -0500
|
About
-
Send Feedback to @ubuntu_updates