ALT-PU-2015-2873-1

Package update openstack-neutron in branch sisyphus

Version2015.1.0-alt0.b2.0

Published2015-03-18

Max severityHIGH

Severity:

Closed issues (2)

HIGH7.6

The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression.

Published: 2014-10-07Modified: 2025-04-12

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

MEDIUM4.0

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

Published: 2014-11-24Modified: 2025-04-12

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

References