943648 – (CVE-2015-5240) VUL-0: CVE-2015-5240: openstack-neutron: possible trust abuse when connected to a shared network

Bug 943648 (CVE-2015-5240) - VUL-0: CVE-2015-5240: openstack-neutron: possible trust abuse when connected to a shared network

Summary: VUL-0: CVE-2015-5240: openstack-neutron: possible trust abuse when connected...

Status:	RESOLVED FIXED

Alias:	CVE-2015-5240

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:RedHat:CVE-2015-5240:4.9:(AV:N...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-08-28 14:59 UTC by Alexander Bergmann
Modified:	2016-04-27 19:44 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
cve-2015-5240-master-liberty.patch (8.68 KB, patch) 2015-08-28 15:01 UTC, Alexander Bergmann	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 4 Swamp Workflow Management 2015-08-28 22:00:57 UTC

bugbot adjusting priority

Comment 6 Victor Pereira 2015-09-04 08:41:27 UTC

A new set of patches are attached and we have now a new CRD:

CRD: 2015-09-08 1500UTC

Comment 10 Vincent Untz 2015-10-12 09:47:01 UTC

Will be in next update

Comment 11 Vincent Untz 2015-10-13 12:00:13 UTC

(In reply to Vincent Untz from comment #10)
> Will be in next update

Submitted in mr#74049.

Comment 12 Swamp Workflow Management 2015-11-02 17:32:19 UTC

SUSE-SU-2015:1890-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (low)
Bug References: 935263,939691,943648,946882,948704
CVE References: CVE-2015-3221,CVE-2015-5240
Sources used:
SUSE OpenStack Cloud 5 (src):    crowbar-barclamp-neutron-1.9+git.1443859419.95e948a-12.2, openstack-neutron-2014.2.4~a0~dev103-16.2, openstack-neutron-doc-2014.2.4~a0~dev103-16.4

Comment 13 Victor Pereira 2015-11-19 12:19:44 UTC

fixed and released.

Comment 14 Swamp Workflow Management 2015-12-07 18:13:24 UTC

SUSE-SU-2015:2220-1: An update that solves 5 vulnerabilities and has 6 fixes is now available.

Category: security (moderate)
Bug References: 927625,935017,935263,939691,942457,943648,944178,945923,948704,949070,949529
CVE References: CVE-2015-3221,CVE-2015-3241,CVE-2015-3280,CVE-2015-5240,CVE-2015-7713
Sources used:
SUSE OpenStack Cloud Compute 5 (src):    openstack-neutron-2014.2.4~a0~dev103-10.3, openstack-nova-2014.2.4~a0~dev80-14.1, python-python-memcached-1.54-2.1