Comment 4 for bug 2030295

Revision history for this message
Jeremy Stanley (fungi) wrote :

Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security
reviewers for the affected project or projects confirm the bug and
discuss the scope of any vulnerability along with potential
solutions.

If I'm reading correctly, the concern is that guests may make some kinds of DNS queries which are then forwarded by Neutron's resolver to other outside resolvers. If Neutron has previously provided some guarantee of this as a security protection, for example if it documents publicly that it will protect DNS queries and avoid forwarding them, then this might qualify as a vulnerability. Even if so, I don't see that keeping this bug report secret is likely to prevent any particular exploit or abuse of that behavior.