CVE-2019-10876

NameCVE-2019-10876
DescriptionAn issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs926502

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
neutron (PTS)buster, buster (security)2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1fixed
bullseye (security), bullseye2:17.2.1-0+deb11u1fixed
bookworm2:21.0.0-7fixed
sid, trixie2:23.0.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
neutronsourcejessie(not affected)
neutronsourcestretch(not affected)
neutronsource(unstable)2:13.0.2-15926502

Notes

[stretch] - neutron <not-affected> (Vulnerable code introduced later; Around Pike Openstack release)
[jessie] - neutron <not-affected> (Vulnerable code introduced later; Around Pike Openstack release)
https://bugs.launchpad.net/ossa/+bug/1813007
https://review.openstack.org/#/q/topic:bug/1813007

Search for package or bug name: Reporting problems