[SECURITY] [DLA 2781-1] neutron security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2781-1] neutron security update
From: "Chris Lamb" <lamby@debian.org>
Date: Mon, 11 Oct 2021 10:33:02 -0400 (EDT)
Message-id: <[🔎] 163396275802.2454464.4058239004238500658@copycat>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2781-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
October 11, 2021                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : neutron
Version        : 2:9.1.1-3+deb9u2
CVE ID         : CVE-2021-40085
Debian Bug     : #993398

It was discovered that there was an issue where authenticated
attackers could have reconfigured dnsmasq via a crafted
extra_dhcp_opts value within OpenStack's Neutron virtual network
service.

For Debian 9 "Stretch", this problem has been fixed in version
2:9.1.1-3+deb9u2.

We recommend that you upgrade your neutron packages.

For the detailed security status of neutron please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/neutron

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmFkSwMACgkQHpU+J9Qx
HlilCw/+NjfSTPE63rFtU9W9DbdfupymqczVIT7JyqQtRiC7mup4W3DhgyP0FBg+
xmT9U98S8/duMD6UIZpmlt/q91rJKJLu+oqEnyDUaLFHNIhsYY5aNs6bsq332SUA
hi1hOf7Npl+BYRmHXZKQBImerSZi6lf7EFoV5QblCdVG5ZJmd5ZVZLKe2NyMCUpL
osYbMUhXdKMTL3/lUQyKUWhKsBsCplskGklZtVltkGbDXGakjQ+t5NhkfTIjue2Q
RJHi/0g+zJQqRhN1vRdVFH8V1ERxWppGyRuPni6w0rMbnVW7isk313tn+irxh8b6
tOQn8VBkhpZZ4X21+GYmTLhECykWkLAXa6pFqmpaTD6OsRO92Fc2Q1VC949y6Z9f
ebs6kYYxCQHvAvGscwhlWpp2sZA2eb+ug+GLRfdnhVlzZSn3h8xYTnsk28Eh7GAr
FpzvPcoel5+dkQ+1WVqiprtsdcz38CDCIxOtHpJwnEeBpAhsLklECivr6/0g0Omp
H4j1OoYPHQ5o9YTeIZLw7E+ggyZhhSbJIAokzKxcqmrOgt/IR1aBNG+Ipghe7K4K
cfyLDxFfVV0nxayBUz45Bhdl8siF5LQAIZzKJSqd7cUrqnCePNodRVnnyQVVKZGd
OGxvezjWMgyq6Aa73EcS6eDUaDUtq1cawSbAocTmvU83bPQ5UTI=
=7iI1
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2777-1] tiff security update
Next by Date: [SECURITY] [DLA 2782-1] firefox-esr security update
Previous by thread: [SECURITY] [DLA 2777-1] tiff security update
Next by thread: [SECURITY] [DLA 2782-1] firefox-esr security update
Index(es):
- Date
- Thread