{"id":"USN-4036-1","summary":"neutron vulnerability","details":"Erik Olof Gunnar Andersson discovered that OpenStack Neutron incorrectly\nhandled certain security group rules in the iptables firewall module. An\nauthenticated attacker could possibly use this issue to block further\napplication of security group rules for other instances.\n","modified":"2026-02-10T04:41:34Z","published":"2019-06-25T11:48:25Z","related":["UBUNTU-CVE-2019-9735"],"upstream":["CVE-2019-9735","UBUNTU-CVE-2019-9735"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4036-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-9735"}],"affected":[{"package":{"name":"neutron","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/neutron@2:8.4.0-0ubuntu7.4?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:8.4.0-0ubuntu7.4"}]}],"versions":["2:7.0.0-0ubuntu1","2:8.0.0~b1-0ubuntu2","2:8.0.0~b2-0ubuntu4","2:8.0.0~b2-0ubuntu5","2:8.0.0~b2-0ubuntu7","2:8.0.0~b3-0ubuntu1","2:8.0.0~rc1-0ubuntu1","2:8.0.0-0ubuntu1","2:8.1.0-0ubuntu0.16.04.2","2:8.1.2-0ubuntu1","2:8.2.0-0ubuntu1","2:8.3.0-0ubuntu1","2:8.3.0-0ubuntu1.1","2:8.3.0-0ubuntu1.2","2:8.4.0-0ubuntu1","2:8.4.0-0ubuntu2","2:8.4.0-0ubuntu3","2:8.4.0-0ubuntu4","2:8.4.0-0ubuntu5","2:8.4.0-0ubuntu6","2:8.4.0-0ubuntu7.1","2:8.4.0-0ubuntu7.2","2:8.4.0-0ubuntu7.3"],"ecosystem_specific":{"binaries":[{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-bgp-dragent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-common"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-dhcp-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-l3-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-linuxbridge-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-macvtap-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-metadata-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-metering-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-openvswitch-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-plugin-linuxbridge-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-plugin-ml2"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-plugin-openvswitch-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-plugin-sriov-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-server"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-sriov-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"python-neutron"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2019-9735","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4036-1.json"}}],"schema_version":"1.7.3"}