CVE-2019-15753

Опубликовано: 28 авг. 2019

Источник: ubuntu

Приоритет: low

CVSS2: 6.4

CVSS3: 9.1

Описание

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py.

Релиз	Статус	Примечание
bionic	not-affected	code not present
devel	not-affected	2.8.0-0ubuntu1
disco	ignored	end of life
eoan	ignored	end of life
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	code not present
esm-infra/focal	needed
focal	ignored	end of standard support, was needed
groovy	ignored	end of life
hirsute	ignored	end of life

Показывать по

Ссылки на источники

6.4 Medium

CVSS2

9.1 Critical

CVSS3

Связанные уязвимости

CVE-2019-15753

CVSS3: 5.2

redhat

больше 6 лет назад

CVE-2019-15753

CVSS3: 9.1

nvd

больше 6 лет назад

CVE-2019-15753

CVSS3: 9.1

debian

больше 6 лет назад

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC ...

GHSA-mcpw-cp35-p3h8

CVSS3: 9.1

github

больше 3 лет назад

OpenStack os-vif Ageing time of 0 disables linuxbridge MAC learning

6.4 Medium

CVSS2

9.1 Critical

CVSS3

CVE-2019-15753

Описание

Пакет python-os-vif

Ссылки на источники

Связанные уязвимости