cve-2017-7549 - instack-undercloud uses hardcoded /tmp paths

Bug #1712380 reported by Alex Schultz
Affects: tripleo
Status: Fix Released
Importance: Critical
Assigned to: Alex Schultz

Bug Description

https://access.redhat.com/security/cve/cve-2017-7549

A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
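
The description above names the vulnerability class (a script writing to a fixed, world-writable temporary path that any local user can pre-create as a symbolic link) but the page carries none of the affected scripts. As an added example, not code from instack-undercloud or from the fix referenced below, the following POSIX shell shows the hardened pattern (mktemp instead of a hardcoded /tmp name) beside a small lint a reviewer could run over element scripts to flag hardcoded /tmp paths before they ship. The function names, the `undercloud.XXXXXX` template and the script fragments quoted in comments are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from instack-undercloud or from the fix for this bug.
# Two defensive helpers for the insecure-temporary-file pattern that
# CVE-2017-7549 describes: a mktemp-based replacement for a hardcoded /tmp
# path, and a lint that flags such paths in shell scripts.

# Weak pattern (constructed for contrast; do not use): a fixed, predictable
# path in a world-writable directory. If another local user has already
# placed a symlink at that name, the redirection follows the link and the
# script overwrites whatever the link points at with the script's privileges:
#   echo "$policy" > /tmp/undercloud-policy.txt
#
# Safe pattern: mktemp creates the file itself, atomically (O_EXCL), with
# mode 0600 and an unpredictable suffix, so there is no window in which
# someone can plant a link at the name before the write happens.
make_private_tmpfile() {
    # Honour TMPDIR so operators can point scripts at a private directory;
    # the "undercloud." prefix is an assumed naming convention.
    mktemp "${TMPDIR:-/tmp}/undercloud.XXXXXX"
}

# Lint: print every line of the given script that names a literal /tmp/
# path, ignoring mktemp calls and $TMPDIR references. Exit status 0 means
# clean, 1 means at least one finding, so it can gate a pre-commit or CI job.
lint_hardcoded_tmp() {
    findings=$(grep -nE '(^|[^A-Za-z0-9_])/tmp/[A-Za-z0-9._-]+' "$1" \
        | grep -vE 'mktemp|TMPDIR' || true)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage (assumed paths):
#   f=$(make_private_tmpfile) && printf '%s\n' "$policy" > "$f"
#   lint_hardcoded_tmp elements/some-element/install.d/10-policy.sh
```

The lint is deliberately coarse: it catches the fixed-name pattern this CVE is about, and the mktemp/TMPDIR exclusion keeps the hardened form out of the findings. It does not judge what a script does with a `/tmp` path, only whether the path is predictable, which is exactly the property the symlink attack relies on.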

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to instack-undercloud (master)

Fix proposed to branch: master
Review: https://review.openstack.org/496292

Changed in tripleo:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to instack-undercloud (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/496300

OpenStack Infra (hudson-openstack) wrote : Fix proposed to instack-undercloud (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/496303

Changed in tripleo:
milestone: pike-rc1 → pike-rc2
OpenStack Infra (hudson-openstack) wrote : Fix merged to instack-undercloud (stable/ocata)

Reviewed: https://review.openstack.org/496300
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=02d25849aaa5fec977346c785b0ed594fd55321d
Submitter: Jenkins
Branch: stable/ocata

commit 02d25849aaa5fec977346c785b0ed594fd55321d
Author: James Slagle <email address hidden>
Date: Fri Aug 4 13:28:17 2017 -0400

    Remove isolated-build element

    The element is no longer used in the undercloud install as it's not
    contained in any of the json files under json-files or included by any
    element dependencies.

    This is a fix for the security issue where the /tmp path is used.

    Change-Id: Ib8013fa33cd14d7e4a66e07bd6f3a280c41a7f15
    Closes-Bug: #1712380
    (cherry picked from commit 722d9e4292f2013c4c13ce391778b902c88d83f1)

tags: added: in-stable-ocata
OpenStack Infra (hudson-openstack) wrote : Fix merged to instack-undercloud (master)

Reviewed: https://review.openstack.org/496292
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=722d9e4292f2013c4c13ce391778b902c88d83f1
Submitter: Jenkins
Branch: master

commit 722d9e4292f2013c4c13ce391778b902c88d83f1
Author: James Slagle <email address hidden>
Date: Fri Aug 4 13:28:17 2017 -0400

    Remove isolated-build element

    The element is no longer used in the undercloud install as it's not
    contained in any of the json files under json-files or included by any
    element dependencies.

    This is a fix for the security issue where the /tmp path is used.

    Change-Id: Ib8013fa33cd14d7e4a66e07bd6f3a280c41a7f15
    Closes-Bug: #1712380

Changed in tripleo:
status: In Progress → Fix Released
tags: added: in-stable-newton
OpenStack Infra (hudson-openstack) wrote : Fix merged to instack-undercloud (stable/newton)

Reviewed: https://review.openstack.org/496303
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=808c89b9247b0570f32a67b88d102790445ebee5
Submitter: Jenkins
Branch: stable/newton

commit 808c89b9247b0570f32a67b88d102790445ebee5
Author: James Slagle <email address hidden>
Date: Fri Aug 4 13:28:17 2017 -0400

    Remove isolated-build element

    The element is no longer used in the undercloud install as it's not
    contained in any of the json files under json-files or included by any
    element dependencies.

    This is a fix for the security issue where the /tmp path is used.

    Change-Id: Ib8013fa33cd14d7e4a66e07bd6f3a280c41a7f15
    Closes-Bug: #1712380
    (cherry picked from commit 722d9e4292f2013c4c13ce391778b902c88d83f1)

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/instack-undercloud 6.1.1

This issue was fixed in the openstack/instack-undercloud 6.1.1 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/instack-undercloud 5.3.2

This issue was fixed in the openstack/instack-undercloud 5.3.2 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/instack-undercloud 8.0.0

This issue was fixed in the openstack/instack-undercloud 8.0.0 release.
