CVE-2019-10876

NameCVE-2019-10876
DescriptionAn issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs926502

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
neutron (PTS)stretch (security), stretch2:9.1.1-3+deb9u1fixed
buster2:13.0.2-15fixed
bullseye2:16.0.0-2fixed
sid2:16.0.0-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
neutronsourcejessie(not affected)
neutronsourcestretch(not affected)
neutronsource(unstable)2:13.0.2-15926502

Notes

[stretch] - neutron <not-affected> (Vulnerable code introduced later; Around Pike Openstack release)
[jessie] - neutron <not-affected> (Vulnerable code introduced later; Around Pike Openstack release)
https://bugs.launchpad.net/ossa/+bug/1813007
https://review.openstack.org/#/q/topic:bug/1813007

Search for package or bug name: Reporting problems