OSSA-2015-001: L3 agent denial of service with radvd 2.0+¶
January 08, 2015
Neutron: 2014.2 version up to 2014.2.1
Ihar Hrachyshka from Red Hat reported a vulnerability in Neutron. By creating 8 routers and assigning each of them a non-provider ipv6 subnet, a malicious user may block router update processing for all tenants, potentially resulting in a Denial of Service. Only Neutron setups running with radvd 2.0+ are affected.
Ihar Hrachyshka from Red Hat (CVE-2014-8153)
This fix will be included in a future 2014.2.2 release.
The OSSA announce format for the 2015 advisories has been changed to RST.