Upstream information

CVE-2021-21419 at MITRE

Description

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on the Eventlet side by sending very large websocket frames. A malicious peer may also exhaust memory on the Eventlet side by sending a highly compressed data frame. A patch in version 0.31.0 restricts websocket frames to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect the Eventlet process itself.
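
An added example, not Eventlet's patch or code from this advisory: the two checks the description implies for a websocket receiver, rejecting a frame from the length announced in its RFC 6455 header and capping the output of permessage-deflate decompression. The function names and the 8 MiB limits are assumptions chosen for illustration.

```python
import struct
import zlib

# Assumed limits for illustration; not the values Eventlet 0.31.0 uses.
MAX_FRAME_LENGTH = 8 * 1024 * 1024
MAX_MESSAGE_LENGTH = 8 * 1024 * 1024


class FrameTooLarge(Exception):
    """Raised before any oversized buffer is allocated."""


def declared_payload_length(header: bytes) -> int:
    """Return the payload length announced in an RFC 6455 frame header."""
    if len(header) < 2:
        raise ValueError("need at least 2 header bytes")
    length = header[1] & 0x7F              # low 7 bits; the high bit is MASK
    if length == 126:                      # 16-bit extended length follows
        if len(header) < 4:
            raise ValueError("truncated 16-bit length")
        (length,) = struct.unpack("!H", header[2:4])
    elif length == 127:                    # 64-bit extended length follows
        if len(header) < 10:
            raise ValueError("truncated 64-bit length")
        (length,) = struct.unpack("!Q", header[2:10])
    return length


def check_frame_length(header: bytes, limit: int = MAX_FRAME_LENGTH) -> int:
    """Reject a frame from its header alone, before reading the payload."""
    length = declared_payload_length(header)
    if length > limit:
        raise FrameTooLarge(f"frame announces {length} bytes, limit is {limit}")
    return length


def bounded_inflate(payload: bytes, limit: int = MAX_MESSAGE_LENGTH) -> bytes:
    """Inflate a permessage-deflate payload, producing at most limit bytes."""
    inflater = zlib.decompressobj(-zlib.MAX_WBITS)       # raw deflate stream
    # RFC 7692: the sender strips this trailer, the receiver restores it.
    data = payload + b"\x00\x00\xff\xff"
    # max_length stops zlib after limit + 1 bytes, so memory stays bounded.
    out = inflater.decompress(data, limit + 1)
    if len(out) > limit:
        raise FrameTooLarge(f"message inflates past {limit} bytes")
    return out
```

The length check costs nothing because it runs on the header alone; the inflate cap is what bounds a small frame that expands to a very large message.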

SUSE information

Overall state of this security issue: Running

This issue is currently rated as having important severity.

CVSS v2 Scores

Metric | National Vulnerability Database
Base Score | 5
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector | Network
Access Complexity | Low
Authentication | None
Confidentiality Impact | None
Integrity Impact | None
Availability Impact | Partial

CVSS v3 Scores

Metric | National Vulnerability Database | SUSE
Base Score | 5.3 | 7.5
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Vector | Network | Network
Access Complexity | Low | Low
Privileges Required | None | None
User Interaction | None | None
Scope | Unchanged | Unchanged
Confidentiality Impact | None | None
Integrity Impact | None | None
Availability Impact | Low | High
CVSSv3 Version | 3.1 | 3.1

SUSE Bugzilla entry: 1185836 [IN_PROGRESS]

List of released packages

Product(s) Fixed package version(s) References
HPE Helion OpenStack 8
  • ardana-cobbler >= 8.0+git.1614096566.e8c2b27-3.44.3
  • cassandra >= 3.11.10-5.3.5
  • cassandra-tools >= 3.11.10-5.3.5
  • documentation-hpe-helion-openstack-installation >= 8.20210512-1.32.5
  • documentation-hpe-helion-openstack-operations >= 8.20210512-1.32.5
  • documentation-hpe-helion-openstack-opsconsole >= 8.20210512-1.32.5
  • documentation-hpe-helion-openstack-planning >= 8.20210512-1.32.5
  • documentation-hpe-helion-openstack-security >= 8.20210512-1.32.5
  • documentation-hpe-helion-openstack-user >= 8.20210512-1.32.5
  • grafana >= 6.7.4-4.18.2
  • kibana >= 4.6.6-3.9.2
  • openstack-heat-templates >= 0.0.0+git.1623056900.7917e18-3.21.3
  • openstack-monasca-installer >= 20190923_16.32-3.18.2
  • openstack-nova >= 16.1.9~dev92-3.48.5
  • openstack-nova-api >= 16.1.9~dev92-3.48.5
  • openstack-nova-cells >= 16.1.9~dev92-3.48.5
  • openstack-nova-compute >= 16.1.9~dev92-3.48.5
  • openstack-nova-conductor >= 16.1.9~dev92-3.48.5
  • openstack-nova-console >= 16.1.9~dev92-3.48.5
  • openstack-nova-consoleauth >= 16.1.9~dev92-3.48.5
  • openstack-nova-doc >= 16.1.9~dev92-3.48.5
  • openstack-nova-novncproxy >= 16.1.9~dev92-3.48.5
  • openstack-nova-placement-api >= 16.1.9~dev92-3.48.5
  • openstack-nova-scheduler >= 16.1.9~dev92-3.48.5
  • openstack-nova-serialproxy >= 16.1.9~dev92-3.48.5
  • openstack-nova-vncproxy >= 16.1.9~dev92-3.48.5
  • python-Django >= 1.11.29-3.25.3
  • python-elementpath >= 1.3.1-1.3.2
  • python-eventlet >= 0.20.0-6.3.3
  • python-nova >= 16.1.9~dev92-3.48.5
  • python-py >= 1.4.34-3.3.3
  • python-pysaml2 >= 4.0.2-5.9.2
  • python-xmlschema >= 1.0.18-1.3.3
  • venv-openstack-aodh-x86_64 >= 5.1.1~dev7-12.32.3
  • venv-openstack-barbican-x86_64 >= 5.0.2~dev3-12.33.3
  • venv-openstack-ceilometer-x86_64 >= 9.0.8~dev7-12.30.3
  • venv-openstack-cinder-x86_64 >= 11.2.3~dev29-14.34.2
  • venv-openstack-designate-x86_64 >= 5.0.3~dev7-12.31.3
  • venv-openstack-freezer-x86_64 >= 5.0.0.0~xrc2~dev2-10.28.3
  • venv-openstack-glance-x86_64 >= 15.0.3~dev3-12.31.3
  • venv-openstack-heat-x86_64 >= 9.0.8~dev22-12.33.2
  • venv-openstack-horizon-hpe-x86_64 >= 12.0.5~dev6-14.36.3
  • venv-openstack-ironic-x86_64 >= 9.1.8~dev8-12.33.3
  • venv-openstack-keystone-x86_64 >= 12.0.4~dev11-11.35.3
  • venv-openstack-magnum-x86_64 >= 5.0.2_5.0.2_5.0.2~dev31-11.32.2
  • venv-openstack-manila-x86_64 >= 5.1.1~dev5-12.37.3
  • venv-openstack-monasca-ceilometer-x86_64 >= 1.5.1_1.5.1_1.5.1~dev3-8.28.3
  • venv-openstack-monasca-x86_64 >= 2.2.2~dev1-11.28.3
  • venv-openstack-murano-x86_64 >= 4.0.2~dev2-12.28.3
  • venv-openstack-neutron-x86_64 >= 11.0.9~dev69-13.38.3
  • venv-openstack-nova-x86_64 >= 16.1.9~dev92-11.36.3
  • venv-openstack-octavia-x86_64 >= 1.0.6~dev3-12.33.3
  • venv-openstack-sahara-x86_64 >= 7.0.5~dev4-11.32.3
  • venv-openstack-swift-x86_64 >= 2.15.2_2.15.2_2.15.2~dev32-11.23.3
  • venv-openstack-trove-x86_64 >= 8.0.2~dev2-11.32.3
Patchnames:
HPE-Helion-OpenStack-8-2021-2554
SUSE OpenStack Cloud 8
  • ardana-cobbler >= 8.0+git.1614096566.e8c2b27-3.44.3
  • cassandra >= 3.11.10-5.3.5
  • cassandra-tools >= 3.11.10-5.3.5
  • documentation-suse-openstack-cloud-installation >= 8.20210512-1.32.5
  • documentation-suse-openstack-cloud-operations >= 8.20210512-1.32.5
  • documentation-suse-openstack-cloud-opsconsole >= 8.20210512-1.32.5
  • documentation-suse-openstack-cloud-planning >= 8.20210512-1.32.5
  • documentation-suse-openstack-cloud-security >= 8.20210512-1.32.5
  • documentation-suse-openstack-cloud-supplement >= 8.20210512-1.32.5
  • documentation-suse-openstack-cloud-upstream-admin >= 8.20210512-1.32.5
  • documentation-suse-openstack-cloud-upstream-user >= 8.20210512-1.32.5
  • documentation-suse-openstack-cloud-user >= 8.20210512-1.32.5
  • grafana >= 6.7.4-4.18.2
  • kibana >= 4.6.6-3.9.2
  • openstack-heat-templates >= 0.0.0+git.1623056900.7917e18-3.21.3
  • openstack-monasca-installer >= 20190923_16.32-3.18.2
  • openstack-nova >= 16.1.9~dev92-3.48.5
  • openstack-nova-api >= 16.1.9~dev92-3.48.5
  • openstack-nova-cells >= 16.1.9~dev92-3.48.5
  • openstack-nova-compute >= 16.1.9~dev92-3.48.5
  • openstack-nova-conductor >= 16.1.9~dev92-3.48.5
  • openstack-nova-console >= 16.1.9~dev92-3.48.5
  • openstack-nova-consoleauth >= 16.1.9~dev92-3.48.5
  • openstack-nova-doc >= 16.1.9~dev92-3.48.5
  • openstack-nova-novncproxy >= 16.1.9~dev92-3.48.5
  • openstack-nova-placement-api >= 16.1.9~dev92-3.48.5
  • openstack-nova-scheduler >= 16.1.9~dev92-3.48.5
  • openstack-nova-serialproxy >= 16.1.9~dev92-3.48.5
  • openstack-nova-vncproxy >= 16.1.9~dev92-3.48.5
  • python-Django >= 1.11.29-3.25.3
  • python-elementpath >= 1.3.1-1.3.2
  • python-eventlet >= 0.20.0-6.3.3
  • python-nova >= 16.1.9~dev92-3.48.5
  • python-py >= 1.4.34-3.3.3
  • python-pysaml2 >= 4.0.2-5.9.2
  • python-xmlschema >= 1.0.18-1.3.3
  • venv-openstack-aodh-x86_64 >= 5.1.1~dev7-12.32.3
  • venv-openstack-barbican-x86_64 >= 5.0.2~dev3-12.33.3
  • venv-openstack-ceilometer-x86_64 >= 9.0.8~dev7-12.30.3
  • venv-openstack-cinder-x86_64 >= 11.2.3~dev29-14.34.2
  • venv-openstack-designate-x86_64 >= 5.0.3~dev7-12.31.3
  • venv-openstack-freezer-x86_64 >= 5.0.0.0~xrc2~dev2-10.28.3
  • venv-openstack-glance-x86_64 >= 15.0.3~dev3-12.31.3
  • venv-openstack-heat-x86_64 >= 9.0.8~dev22-12.33.2
  • venv-openstack-horizon-x86_64 >= 12.0.5~dev6-14.36.6
  • venv-openstack-ironic-x86_64 >= 9.1.8~dev8-12.33.3
  • venv-openstack-keystone-x86_64 >= 12.0.4~dev11-11.35.3
  • venv-openstack-magnum-x86_64 >= 5.0.2_5.0.2_5.0.2~dev31-11.32.2
  • venv-openstack-manila-x86_64 >= 5.1.1~dev5-12.37.3
  • venv-openstack-monasca-ceilometer-x86_64 >= 1.5.1_1.5.1_1.5.1~dev3-8.28.3
  • venv-openstack-monasca-x86_64 >= 2.2.2~dev1-11.28.3
  • venv-openstack-murano-x86_64 >= 4.0.2~dev2-12.28.3
  • venv-openstack-neutron-x86_64 >= 11.0.9~dev69-13.38.3
  • venv-openstack-nova-x86_64 >= 16.1.9~dev92-11.36.3
  • venv-openstack-octavia-x86_64 >= 1.0.6~dev3-12.33.3
  • venv-openstack-sahara-x86_64 >= 7.0.5~dev4-11.32.3
  • venv-openstack-swift-x86_64 >= 2.15.2_2.15.2_2.15.2~dev32-11.23.3
  • venv-openstack-trove-x86_64 >= 8.0.2~dev2-11.32.3
Patchnames:
SUSE-OpenStack-Cloud-8-2021-2554
SUSE OpenStack Cloud 9
  • ardana-ansible >= 9.0+git.1628097238.f6cbb0e-3.29.1
  • ardana-monasca >= 9.0+git.1627995376.30bdf85-3.25.1
  • influxdb >= 1.3.8-4.6.1
  • kibana >= 4.6.6-4.12.1
  • openstack-cinder >= 13.0.10~dev23-3.31.2
  • openstack-cinder-api >= 13.0.10~dev23-3.31.2
  • openstack-cinder-backup >= 13.0.10~dev23-3.31.2
  • openstack-cinder-scheduler >= 13.0.10~dev23-3.31.2
  • openstack-cinder-volume >= 13.0.10~dev23-3.31.2
  • openstack-ec2-api >= 7.1.1~dev6-3.3.2
  • openstack-ec2-api-api >= 7.1.1~dev6-3.3.2
  • openstack-ec2-api-metadata >= 7.1.1~dev6-3.3.2
  • openstack-ec2-api-s3 >= 7.1.1~dev6-3.3.2
  • openstack-heat-gbp >= 12.0.1~dev4-3.6.1
  • openstack-heat-templates >= 0.0.0+git.1628179051.7d761bff-3.12.1
  • openstack-horizon-plugin-gbp-ui >= 12.0.1~dev5-3.6.1
  • openstack-keystone >= 14.2.1~dev7-3.25.2
  • openstack-neutron-gbp >= 14.0.1~dev19-3.28.1
  • openstack-nova >= 18.3.1~dev91-3.40.1
  • openstack-nova-api >= 18.3.1~dev91-3.40.1
  • openstack-nova-cells >= 18.3.1~dev91-3.40.1
  • openstack-nova-compute >= 18.3.1~dev91-3.40.1
  • openstack-nova-conductor >= 18.3.1~dev91-3.40.1
  • openstack-nova-console >= 18.3.1~dev91-3.40.1
  • openstack-nova-novncproxy >= 18.3.1~dev91-3.40.1
  • openstack-nova-placement-api >= 18.3.1~dev91-3.40.1
  • openstack-nova-scheduler >= 18.3.1~dev91-3.40.1
  • openstack-nova-serialproxy >= 18.3.1~dev91-3.40.1
  • openstack-nova-vncproxy >= 18.3.1~dev91-3.40.1
  • python-cinder >= 13.0.10~dev23-3.31.2
  • python-ec2api >= 7.1.1~dev6-3.3.2
  • python-eventlet >= 0.20.0-8.3.1
  • python-heat-gbp >= 12.0.1~dev4-3.6.1
  • python-horizon-plugin-gbp-ui >= 12.0.1~dev5-3.6.1
  • python-keystone >= 14.2.1~dev7-3.25.2
  • python-neutron-gbp >= 14.0.1~dev19-3.28.1
  • python-nova >= 18.3.1~dev91-3.40.1
  • venv-openstack-barbican-x86_64 >= 7.0.1~dev24-3.25.1
  • venv-openstack-cinder-x86_64 >= 13.0.10~dev23-3.28.1
  • venv-openstack-designate-x86_64 >= 7.0.2~dev2-3.25.1
  • venv-openstack-glance-x86_64 >= 17.0.1~dev30-3.23.1
  • venv-openstack-heat-x86_64 >= 11.0.4~dev4-3.25.1
  • venv-openstack-horizon-x86_64 >= 14.1.1~dev11-4.29.1
  • venv-openstack-ironic-x86_64 >= 11.1.5~dev17-4.23.1
  • venv-openstack-keystone-x86_64 >= 14.2.1~dev7-3.26.1
  • venv-openstack-magnum-x86_64 >= 7.2.1~dev1-4.25.1
  • venv-openstack-manila-x86_64 >= 7.4.2~dev60-3.31.1
  • venv-openstack-monasca-ceilometer-x86_64 >= 1.8.2~dev3-3.25.1
  • venv-openstack-monasca-x86_64 >= 2.7.1~dev10-3.23.1
  • venv-openstack-neutron-x86_64 >= 13.0.8~dev164-6.29.1
  • venv-openstack-nova-x86_64 >= 18.3.1~dev91-3.29.1
  • venv-openstack-octavia-x86_64 >= 3.2.3~dev7-4.25.1
  • venv-openstack-sahara-x86_64 >= 9.0.2~dev15-3.25.1
  • venv-openstack-swift-x86_64 >= 2.19.2~dev48-2.20.1
Patchnames:
SUSE-OpenStack-Cloud-9-2021-3729
SUSE OpenStack Cloud Crowbar 8
  • cassandra >= 3.11.10-5.3.5
  • cassandra-tools >= 3.11.10-5.3.5
  • crowbar-core >= 5.0+git.1622489449.a8e60e238-3.50.4
  • crowbar-core-branding-upstream >= 5.0+git.1622489449.a8e60e238-3.50.4
  • crowbar-openstack >= 5.0+git.1616001417.67fd9c2a1-4.52.5
  • documentation-suse-openstack-cloud-deployment >= 8.20210512-1.32.5
  • documentation-suse-openstack-cloud-supplement >= 8.20210512-1.32.5
  • documentation-suse-openstack-cloud-upstream-admin >= 8.20210512-1.32.5
  • documentation-suse-openstack-cloud-upstream-user >= 8.20210512-1.32.5
  • grafana >= 6.7.4-4.18.2
  • kibana >= 4.6.6-3.9.2
  • openstack-heat-templates >= 0.0.0+git.1623056900.7917e18-3.21.3
  • openstack-monasca-installer >= 20190923_16.32-3.18.2
  • openstack-nova >= 16.1.9~dev92-3.48.5
  • openstack-nova-api >= 16.1.9~dev92-3.48.5
  • openstack-nova-cells >= 16.1.9~dev92-3.48.5
  • openstack-nova-compute >= 16.1.9~dev92-3.48.5
  • openstack-nova-conductor >= 16.1.9~dev92-3.48.5
  • openstack-nova-console >= 16.1.9~dev92-3.48.5
  • openstack-nova-consoleauth >= 16.1.9~dev92-3.48.5
  • openstack-nova-doc >= 16.1.9~dev92-3.48.5
  • openstack-nova-novncproxy >= 16.1.9~dev92-3.48.5
  • openstack-nova-placement-api >= 16.1.9~dev92-3.48.5
  • openstack-nova-scheduler >= 16.1.9~dev92-3.48.5
  • openstack-nova-serialproxy >= 16.1.9~dev92-3.48.5
  • openstack-nova-vncproxy >= 16.1.9~dev92-3.48.5
  • python-Django >= 1.11.29-3.25.3
  • python-elementpath >= 1.3.1-1.3.2
  • python-eventlet >= 0.20.0-6.3.3
  • python-nova >= 16.1.9~dev92-3.48.5
  • python-py >= 1.4.34-3.3.3
  • python-pysaml2 >= 4.0.2-5.9.2
  • python-xmlschema >= 1.0.18-1.3.3
  • ruby2.1-rubygem-activerecord-session_store >= 0.1.2-3.3.2
Patchnames:
SUSE-OpenStack-Cloud-Crowbar-8-2021-2554
SUSE OpenStack Cloud Crowbar 9
  • crowbar-openstack >= 6.0+git.1630614261.26948f746-3.37.2
  • influxdb >= 1.3.8-4.6.1
  • kibana >= 4.6.6-4.12.1
  • openstack-cinder >= 13.0.10~dev23-3.31.2
  • openstack-cinder-api >= 13.0.10~dev23-3.31.2
  • openstack-cinder-backup >= 13.0.10~dev23-3.31.2
  • openstack-cinder-scheduler >= 13.0.10~dev23-3.31.2
  • openstack-cinder-volume >= 13.0.10~dev23-3.31.2
  • openstack-ec2-api >= 7.1.1~dev6-3.3.2
  • openstack-ec2-api-api >= 7.1.1~dev6-3.3.2
  • openstack-ec2-api-metadata >= 7.1.1~dev6-3.3.2
  • openstack-ec2-api-s3 >= 7.1.1~dev6-3.3.2
  • openstack-heat-gbp >= 12.0.1~dev4-3.6.1
  • openstack-heat-templates >= 0.0.0+git.1628179051.7d761bff-3.12.1
  • openstack-horizon-plugin-gbp-ui >= 12.0.1~dev5-3.6.1
  • openstack-keystone >= 14.2.1~dev7-3.25.2
  • openstack-neutron-gbp >= 14.0.1~dev19-3.28.1
  • openstack-nova >= 18.3.1~dev91-3.40.1
  • openstack-nova-api >= 18.3.1~dev91-3.40.1
  • openstack-nova-cells >= 18.3.1~dev91-3.40.1
  • openstack-nova-compute >= 18.3.1~dev91-3.40.1
  • openstack-nova-conductor >= 18.3.1~dev91-3.40.1
  • openstack-nova-console >= 18.3.1~dev91-3.40.1
  • openstack-nova-novncproxy >= 18.3.1~dev91-3.40.1
  • openstack-nova-placement-api >= 18.3.1~dev91-3.40.1
  • openstack-nova-scheduler >= 18.3.1~dev91-3.40.1
  • openstack-nova-serialproxy >= 18.3.1~dev91-3.40.1
  • openstack-nova-vncproxy >= 18.3.1~dev91-3.40.1
  • python-cinder >= 13.0.10~dev23-3.31.2
  • python-ec2api >= 7.1.1~dev6-3.3.2
  • python-eventlet >= 0.20.0-8.3.1
  • python-heat-gbp >= 12.0.1~dev4-3.6.1
  • python-horizon-plugin-gbp-ui >= 12.0.1~dev5-3.6.1
  • python-keystone >= 14.2.1~dev7-3.25.2
  • python-neutron-gbp >= 14.0.1~dev19-3.28.1
  • python-nova >= 18.3.1~dev91-3.40.1
  • ruby2.1-rubygem-puma >= 2.16.0-4.15.1
  • ruby2.1-rubygem-redcarpet >= 3.2.3-4.3.1
Patchnames:
SUSE-OpenStack-Cloud-Crowbar-9-2021-3729


Status of this issue by product and package

Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification.

Product(s) | Source package | State
HPE Helion OpenStack 8 | python-eventlet | Released
SUSE OpenStack Cloud 7 | python-aioeventlet | Not affected
SUSE OpenStack Cloud 7 | python-eventlet | Unsupported
SUSE OpenStack Cloud 8 | python-eventlet | Released
SUSE OpenStack Cloud 9 | python-eventlet | Released
SUSE OpenStack Cloud Crowbar 8 | python-eventlet | Released
SUSE OpenStack Cloud Crowbar 9 | python-eventlet | Released