Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.0863
neutron security update
19 March 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: neutron
Publisher: Debian
Operating System: Debian GNU/Linux 9
Linux variants
Impact/Access: Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2019-9735
Original Bulletin:
http://www.debian.org/security/2019/dsa-4409
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running neutron check for an updated version of the software for
their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4409-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 18, 2019 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : neutron
CVE ID : CVE-2019-9735
Erik Olof Gunnar Andersson discovered that incorrect validation of port
settings in the iptables security group driver of Neutron, the OpenStack
virtual network service, could result in denial of service in a multi
tenant setup.
For the stable distribution (stretch), this problem has been fixed in
version 2:9.1.1-3+deb9u1.
We recommend that you upgrade your neutron packages.
For the detailed security status of neutron please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/neutron
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlyQGCkACgkQEMKTtsN8
TjZT7g/9GwL966ZPVu6CFzvhCA140tZqM6ZJ3TErKMfZMXy+eyVFk+9Bi3ies1B4
w+o8f1uKWUEAz94JryI5fuHxEBcNbDimK0TtXLZgoNS8YjLTOPjC1n3QHXEQVOSI
xMlytw+qEBFu/9IZXldnqehJ4Q4RoyYk6cP+WAD3McipIr04Wt8P26wpMnRSh+tp
uJ3By71rkAM4EoEDjxn4MQ0noNQmFudlGEMqLbQcUpQnbf/X4tt5QUN/uPg1azKU
OFwuVA5zQtwVU8cV6XMX/3WtHVNoP/3SldZQfR6q2+202DdaDsCl+qbmIhTzoIrY
vZEhWCdOgKId0CBoHwkbhMcJOUVWdoJzaQ2SpG6B4FqVc18kt3Iyxy2cUFsVm/yn
Fi7EyRvJMKVEM1u2tpbWSAi4UKL9TddfAa2Y/O+R8UldtJ+2MWQTXNAVwlwyC1vz
uIfgNhRkChEKE08PFUazf7WAKcKhwi65qszQuD6SZ5MVf15RF6ZAsG1Xub01VBv/
JJwYeXNoDIBs4zrId/eEi5nVL27rSFsOtykurMd5cHhIqbWTWE95erCwDuuJA14w
BeGllyPTug9qrZbQtTCI7UJSY5xHUOMmb8KPLeLxgwi+p68EtUN5ZvE45Hx8IRwk
27EGd5XEaUAtoztxzpRf56x8MlPL+Man+W2h7YtJfJXLDVWxSZI=
=uW3e
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXJA3AWaOgq3Tt24GAQh24hAAunApC+TB84vyrmdewBJj/g4MpZzE8RE0
5rHhOQ71L4wk6Y+psQMofMVF3sY1RP7rKXi6yIn4CvPbJURV3vk0TJPjpHgrBxQA
X3jQMoCnnl4U0qPb2KQrjpaeT4aE381C8+qKoRPbOPXw6kHKiDInEOiv3FV10Rkp
nq1M0K0XA1wQi2QxdpInImTgPyw+mnx6IKTC8JYcwlqFQmCw9lof+PIB3b+laAB8
vLFoGsAGL7kYh/AQMkdQDu18gGCcATWR2e2rZsx4IUDCddxBquynqQhC3sqNOMlP
KACYgXkM4Xq5U7qej+4oml638lWwCnA0f1aRIFlT4OTCdE4+sbZaSxfBXwC+OsBy
VEWWzjsrUAT0g2DBuZn7nxO8XgnpEe7VgcTHRY0n+YrdaCbsunNAuVMu2R9ZKHux
fn47S22jY7Pbn2zQyDAJPJsKtddOQLyHvWC+y0LeGFIDUGsPnzXijF9SouXoMqMC
TsvD2g6HSVDMwq3s3jiCtd8VaNW5aIz03dOCEgd4+2kr96rCIOQzrwL7SXmqw/zp
DUWuM/zSDjlHC4zCiC6GKXn0zxjHoqEGcU/8JoqrRM9otWHg3T4JogIRsG/RQsNx
5dLSYDmA5RM1vGHUvjk5HWoCdA329zWgsOpjBZdDbjcsGP/+Aumu76Uwg3uArpcO
cpzE1uPfbBA=
=C3qM
-----END PGP SIGNATURE-----