CVE 2014-4167
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.
Related bugs and status
CVE-2014-4167 (Candidate) is related to these bugs:
Bug #1185019: rootwrap sudoers configuration does not follow packaging guidelines
Bug #1309195: [OSSA 2014-019] IPv6 prefix shouldn't be added in the NAT table (CVE-2014-4167)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1309195 | [OSSA 2014-019] IPv6 prefix shouldn't be added in the NAT table (CVE-2014-4167) | neutron | Critical | Fix Released | ||
| 1309195 | [OSSA 2014-019] IPv6 prefix shouldn't be added in the NAT table (CVE-2014-4167) | OpenStack Security Advisory | High | Fix Released | ||
| 1309195 | [OSSA 2014-019] IPv6 prefix shouldn't be added in the NAT table (CVE-2014-4167) | neutron icehouse | Critical | Fix Released | ||
| 1309195 | [OSSA 2014-019] IPv6 prefix shouldn't be added in the NAT table (CVE-2014-4167) | neutron havana | Critical | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
