Reviewed: https://review.opendev.org/c/openstack/neutron/+/806746 Committed: https://opendev.org/openstack/neutron/commit/df891f0593d234e01f27d7c0376d9702e178ecfb Submitter: "Zuul (22348)" Branch: master
commit df891f0593d234e01f27d7c0376d9702e178ecfb Author: Slawek Kaplonski <[email protected]> Date: Tue Aug 31 15:43:11 2021 +0200 Remove dhcp_extra_opt value after first newline character Passing newline to the dnsmasq may cause security issues, especially that in case of Neutron that dhcp options' values are controlled by cloud users. This patch removes everything what is after first newline character in the dhcp_extra_opt's values before passing them to dnsmasq. Closes-Bug: #1939733 Change-Id: Ifeaf258f0b5ea86f25620ac4116d618980a7272e ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1939733 Title: [OSSA-2021-005] Arbitrary dnsmasq reconfiguration via extra_dhcp_opts (CVE-2021-40085) To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1939733/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
