David Sinquin

**Name of the Vulnerable Software and Affected Versions** openstack-neutron versions prior to 15.3.3 openstack-neutron versions prior to 16.3.1 openstack-neutron versions prior to 17.1.1 **Description** A flaw was found in openstack-neutron's default Open vSwitch firewall rules, related to insufficient authentication of data. This issue can be exploited by sending carefully crafted packets, allowing an attacker to impersonate the IPv6 addresses of other systems on the network. This can result in denial of service or possibly interception of traffic intended for other destinations. The issue affects deployments using the Open vSwitch driver. **Recommendations** For versions prior to 15.3.3, update to version 15.3.3 or later. For versions prior to 16.3.1, update to version 16.3.1 or later. For versions prior to 17.1.1, update to version 17.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.6.3 **Description** The issue allows local users to bypass intended file-permission restrictions. This is related to the handling of POSIX ACLs in the nfsd component of the Linux kernel, specifically in the nfs2acl.c, nfs3acl.c, and nfs4acl.c files. **Recommendations** For Linux kernel versions prior to 4.6.3, update to a version that includes the necessary fixes to prevent the bypassing of file-permission restrictions.