6.4 - RHSA-2016:1473

Problem Description:

An update for openstack-neutron is now available for Red Hat OpenStack Platform 8.0 (Liberty).

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 8.0 (Liberty) - noarch

3. Description:

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

Security Fix(es):

* Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests. (CVE-2015-8914, CVE-2016-5362, CVE-2016-5363)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1330778 - Deadlock occurs when we turn on syslog and forking a process 1345889 - CVE-2016-5362 openstack-neutron: DHCP spoofing vulnerability 1345891 - CVE-2016-5363 openstack-neutron: MAC source address spoofing vulnerability 1345892 - CVE-2015-8914 openstack-neutron: ICMPv6 source address spoofing vulnerability