Launchpad CVE tracker

CVE 2017-5936

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.

Related bugs and status

CVE-2017-5936 (Candidate) is related to these bugs:

Bug #1656847: neutron security group rules not applied to nova-lxd containers

		In	Importance	Status
1656847	neutron security group rules not applied to nova-lxd containers	nova-lxd	High	Fix Released
1656847	neutron security group rules not applied to nova-lxd containers	nova-lxd (Ubuntu)	High	Fix Released
1656847	neutron security group rules not applied to nova-lxd containers	nova-lxd (Ubuntu Zesty)	High	Fix Released
1656847	neutron security group rules not applied to nova-lxd containers	nova-lxd (Ubuntu Yakkety)	High	Fix Released
1656847	neutron security group rules not applied to nova-lxd containers	nova-lxd (Ubuntu Xenial)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2017020...
CONFIRM: https://bugs.launchpad...
CONFIRM: https://github.com/ope...
UBUNTU: USN-3195-1
BID: 96182

Launchpad.net

CVE 2017-5936

Related bugs and status

Related bugs

References