os-vif

  1. Series stein
  2. Bug #1837252
  3. Comment #13

Comment 13 for bug 1837252

Revision history for this message
melanie witt (melwitt) wrote : Re: IFLA_BR_AGEING_TIME of 0 causes flooding across bridges

> Also, as openstack/os-vif is not tagged vulnerability:managed in governance and the Nova bugtask was invalidated, I'm marking our Advisory task Won't Fix but am still happy to assist the maintainers with any advisory they consider relevant.

Based on what mnaser said in #openstack-nova today [1], this bug involves VMs being able to see other VMs network traffic, which is a serious security issue worthy of an advisory for operators, IMHO. Does anyone else agree?

And if I'm not missing something about the severity of this issue, should openstack/os-vif be tagged vulnerability:managed, to ensure we get proper security handling of bugs in the future?

[1] http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2019-08-22.log.html#t2019-08-22T19:48:38