Comment 56 for bug 1461054
Revision history for this message
| Aaron Rosen (arosen) wrote Re: Adding 0.0.0.0/0 to allowed address pairs breaks l2 agent (CVE-2015-3221) | #56 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
@Tristan, the problem is that there are several places that need this deflate method in Juno. I think disabling /0 allowed address pairs is an okay hack to solve this security issue for juno. We can always a better fix later (though gerrit which will be easier to test). It does break an API workflow people could have previously been using, that said the dataplane slide of it would not have worked in juno because of this bug.
@Darragh - yes this issue exists in juno with the ip set driver.