neutron

Overview
Code
Bugs
Blueprints
Translations
Answers

Series kilo
Bug #1461054
Comment #58

Comment 58 for bug 1461054

Revision history for this message

Tristan Cacqueray (tristan-cacqueray) wrote on 2015-06-15: Re: Adding 0.0.0.0/0 to allowed address pairs breaks l2 agent (CVE-2015-3221)

#58

@neutron-coresec, please review proposed fix (comments #13 for Liberty, #31 Kilo and #57 for Juno).

For Juno, since this bug prevented to use the zero_prefixed address pairs workflow correctly, I would say we can go with the proposed patch,

The note for affected Juno users would be: "Zero prefixed address pair are not accepted by the Juno API, users need to use 0.0.0.0/1 and 128.0.0.1/1 or ::/1' and '8000::/1. The fix_zero_length_ip_prefix.py tool can be used to clean ports that were mis-configured with a zero prefixed address"