2016-01-04 17:43:24 |
Roman Podoliaka |
bug |
|
|
added bug |
2016-01-04 17:43:24 |
Roman Podoliaka |
attachment added |
|
cve-2015-7548-master-mitaka-0001.patch https://bugs.launchpad.net/bugs/1530927/+attachment/4543904/+files/cve-2015-7548-master-mitaka-0001.patch |
|
2016-01-04 17:43:47 |
Roman Podoliaka |
nominated for series |
|
mos/8.0.x |
|
2016-01-04 17:43:47 |
Roman Podoliaka |
bug task added |
|
mos/8.0.x |
|
2016-01-04 17:43:47 |
Roman Podoliaka |
nominated for series |
|
mos/6.0.x |
|
2016-01-04 17:43:47 |
Roman Podoliaka |
bug task added |
|
mos/6.0.x |
|
2016-01-04 17:43:47 |
Roman Podoliaka |
nominated for series |
|
mos/7.0.x |
|
2016-01-04 17:43:47 |
Roman Podoliaka |
bug task added |
|
mos/7.0.x |
|
2016-01-04 17:43:47 |
Roman Podoliaka |
nominated for series |
|
mos/9.0.x |
|
2016-01-04 17:43:47 |
Roman Podoliaka |
bug task added |
|
mos/9.0.x |
|
2016-01-04 17:43:47 |
Roman Podoliaka |
nominated for series |
|
mos/5.1.x |
|
2016-01-04 17:43:47 |
Roman Podoliaka |
bug task added |
|
mos/5.1.x |
|
2016-01-04 17:43:47 |
Roman Podoliaka |
nominated for series |
|
mos/6.1.x |
|
2016-01-04 17:43:47 |
Roman Podoliaka |
bug task added |
|
mos/6.1.x |
|
2016-01-04 17:44:01 |
Roman Podoliaka |
mos/9.0.x: assignee |
|
MOS Nova (mos-nova) |
|
2016-01-04 17:44:03 |
Roman Podoliaka |
mos/9.0.x: status |
New |
Confirmed |
|
2016-01-04 17:44:04 |
Roman Podoliaka |
mos/9.0.x: importance |
Undecided |
High |
|
2016-01-04 17:44:07 |
Roman Podoliaka |
mos/9.0.x: milestone |
|
9.0 |
|
2016-01-04 17:44:10 |
Roman Podoliaka |
mos/7.0.x: status |
New |
Confirmed |
|
2016-01-04 17:44:12 |
Roman Podoliaka |
mos/6.1.x: status |
New |
Confirmed |
|
2016-01-04 17:44:14 |
Roman Podoliaka |
mos/6.0.x: status |
New |
Confirmed |
|
2016-01-04 17:44:16 |
Roman Podoliaka |
mos/5.1.x: status |
New |
Confirmed |
|
2016-01-04 17:44:18 |
Roman Podoliaka |
mos/7.0.x: importance |
Undecided |
High |
|
2016-01-04 17:44:21 |
Roman Podoliaka |
mos/6.1.x: importance |
Undecided |
High |
|
2016-01-04 17:44:23 |
Roman Podoliaka |
mos/6.0.x: importance |
Undecided |
High |
|
2016-01-04 17:44:24 |
Roman Podoliaka |
mos/5.1.x: importance |
Undecided |
High |
|
2016-01-04 17:44:29 |
Roman Podoliaka |
mos/7.0.x: assignee |
|
MOS Maintenance (mos-maintenance) |
|
2016-01-04 17:44:33 |
Roman Podoliaka |
mos/6.1.x: assignee |
|
MOS Maintenance (mos-maintenance) |
|
2016-01-04 17:44:41 |
Roman Podoliaka |
mos/6.0.x: assignee |
|
MOS Maintenance (mos-maintenance) |
|
2016-01-04 17:44:46 |
Roman Podoliaka |
mos/5.1.x: assignee |
|
MOS Maintenance (mos-maintenance) |
|
2016-01-04 17:44:50 |
Roman Podoliaka |
mos/7.0.x: milestone |
|
7.0-updates |
|
2016-01-04 17:44:54 |
Roman Podoliaka |
mos/6.1.x: milestone |
|
6.1-updates |
|
2016-01-04 17:44:57 |
Roman Podoliaka |
mos/6.0.x: milestone |
|
6.0-updates |
|
2016-01-04 17:45:00 |
Roman Podoliaka |
mos/5.1.x: milestone |
|
5.1.1-updates |
|
2016-01-04 17:45:31 |
Roman Podoliaka |
cve linked |
|
2015-7548 |
|
2016-01-04 17:45:47 |
Roman Podoliaka |
attachment added |
|
cve-2015-7548-master-mitaka-0002.patch https://bugs.launchpad.net/mos/+bug/1530927/+attachment/4543905/+files/cve-2015-7548-master-mitaka-0002.patch |
|
2016-01-04 17:46:05 |
Roman Podoliaka |
attachment added |
|
cve-2015-7548-master-mitaka-0003.patch https://bugs.launchpad.net/mos/+bug/1530927/+attachment/4543906/+files/cve-2015-7548-master-mitaka-0003.patch |
|
2016-01-04 17:46:20 |
Roman Podoliaka |
attachment added |
|
cve-2015-7548-stable-liberty-0001.patch https://bugs.launchpad.net/mos/+bug/1530927/+attachment/4543907/+files/cve-2015-7548-stable-liberty-0001.patch |
|
2016-01-04 17:46:38 |
Roman Podoliaka |
attachment added |
|
cve-2015-7548-stable-liberty-0002.patch https://bugs.launchpad.net/mos/+bug/1530927/+attachment/4543908/+files/cve-2015-7548-stable-liberty-0002.patch |
|
2016-01-04 17:46:52 |
Roman Podoliaka |
attachment added |
|
cve-2015-7548-stable-liberty-0003.patch https://bugs.launchpad.net/mos/+bug/1530927/+attachment/4543909/+files/cve-2015-7548-stable-liberty-0003.patch |
|
2016-01-04 17:47:08 |
Roman Podoliaka |
attachment added |
|
cve-2015-7548-stable-kilo-0001.patch https://bugs.launchpad.net/mos/+bug/1530927/+attachment/4543910/+files/cve-2015-7548-stable-kilo-0001.patch |
|
2016-01-04 17:47:30 |
Roman Podoliaka |
attachment added |
|
cve-2015-7548-stable-kilo-0002.patch https://bugs.launchpad.net/mos/+bug/1530927/+attachment/4543921/+files/cve-2015-7548-stable-kilo-0002.patch |
|
2016-01-04 17:47:45 |
Roman Podoliaka |
attachment added |
|
cve-2015-7548-stable-kilo-0003.patch https://bugs.launchpad.net/mos/+bug/1530927/+attachment/4543922/+files/cve-2015-7548-stable-kilo-0003.patch |
|
2016-01-08 10:19:42 |
Roman Podoliaka |
summary |
Nova host data leak through snapshot |
[OSSA 2016-001] Nova host data leak through snapshot |
|
2016-01-08 15:28:59 |
Roman Podoliaka |
description |
By overwriting the disk inside an instance with a malicious
image and requesting a snapshot, an authenticated user would be able to
read an arbitrary file from the compute host. Note that the host file
needs to be readable by the nova user to be exposed except when using
lvm for instance storage, when all files readable by root are exposed.
Only setups using libvirt to spawn instances are vulnerable. Of these,
setups which use filesystem storage, and do not set "use_cow_images =
False" in Nova configuration are not affected. Setups which use ceph or
lvm for instance storage, and setups which use filesystem storage with
"use_cow_images = False" are all affected.
CVE-2015-7548 |
Upstream bug: https://launchpad.net/bugs/1524274
By overwriting the disk inside an instance with a malicious
image and requesting a snapshot, an authenticated user would be able to
read an arbitrary file from the compute host. Note that the host file
needs to be readable by the nova user to be exposed except when using
lvm for instance storage, when all files readable by root are exposed.
Only setups using libvirt to spawn instances are vulnerable. Of these,
setups which use filesystem storage, and do not set "use_cow_images =
False" in Nova configuration are not affected. Setups which use ceph or
lvm for instance storage, and setups which use filesystem storage with
"use_cow_images = False" are all affected.
CVE-2015-7548 |
|
2016-01-14 18:02:44 |
Roman Podoliaka |
mos/9.0.x: status |
Confirmed |
Fix Committed |
|
2016-01-15 21:07:53 |
Roman Podoliaka |
mos/8.0.x: status |
Confirmed |
Fix Committed |
|
2016-02-02 14:41:12 |
Vitaly Sedelnik |
mos/5.1.x: milestone |
5.1.1-updates |
5.1.1-mu-3 |
|
2016-02-02 14:41:15 |
Vitaly Sedelnik |
mos/6.0.x: milestone |
6.0-updates |
6.0-mu-8 |
|
2016-02-02 14:41:33 |
Vitaly Sedelnik |
mos/6.1.x: milestone |
6.1-updates |
6.1-mu-5 |
|
2016-02-02 14:41:35 |
Vitaly Sedelnik |
mos/7.0.x: milestone |
7.0-updates |
7.0-mu-3 |
|
2016-02-04 11:26:16 |
Vitaly Sedelnik |
bug |
|
|
added subscriber Alexey Stupnikov |
2016-02-04 11:26:25 |
Vitaly Sedelnik |
mos/7.0.x: assignee |
MOS Maintenance (mos-maintenance) |
Alexey Stupnikov (astupnikov) |
|
2016-02-04 11:26:31 |
Vitaly Sedelnik |
mos/6.1.x: assignee |
MOS Maintenance (mos-maintenance) |
Alexey Stupnikov (astupnikov) |
|
2016-02-04 11:26:38 |
Vitaly Sedelnik |
mos/6.0.x: assignee |
MOS Maintenance (mos-maintenance) |
Alexey Stupnikov (astupnikov) |
|
2016-02-04 11:26:46 |
Vitaly Sedelnik |
mos/5.1.x: assignee |
MOS Maintenance (mos-maintenance) |
Alexey Stupnikov (astupnikov) |
|
2016-02-09 12:43:13 |
Alexey Stupnikov |
mos/7.0.x: status |
Confirmed |
In Progress |
|
2016-02-09 12:43:17 |
Alexey Stupnikov |
mos/6.1.x: status |
Confirmed |
In Progress |
|
2016-02-10 10:03:21 |
Alexey Stupnikov |
mos/6.0.x: status |
Confirmed |
In Progress |
|
2016-02-11 08:10:11 |
Alexey Stupnikov |
mos/5.1.x: status |
Confirmed |
In Progress |
|
2016-02-16 16:27:22 |
Alexey Stupnikov |
mos/7.0.x: status |
In Progress |
Fix Committed |
|
2016-02-16 17:54:25 |
Alexey Stupnikov |
mos/6.0.x: status |
In Progress |
Fix Committed |
|
2016-02-17 09:05:27 |
Alexey Stupnikov |
mos/6.1.x: status |
In Progress |
Fix Committed |
|
2016-02-18 11:02:57 |
Alexey Stupnikov |
mos/7.0.x: status |
Fix Committed |
Fix Released |
|
2016-02-18 15:56:34 |
Alexey Stupnikov |
mos/6.1.x: status |
Fix Committed |
Fix Released |
|
2016-02-18 16:09:22 |
Roman Podoliaka |
bug |
|
|
added subscriber Anna Babich |
2016-02-19 13:34:19 |
Anna Babich |
tags |
area-nova |
area-nova on-verification |
|
2016-02-19 15:42:58 |
Alexey Stupnikov |
mos/5.1.x: status |
In Progress |
Fix Released |
|
2016-02-19 16:06:26 |
Alexey Stupnikov |
mos/6.0.x: status |
Fix Committed |
Fix Released |
|
2016-02-22 16:15:14 |
Anna Babich |
tags |
area-nova on-verification |
area-nova |
|
2016-02-22 16:15:19 |
Anna Babich |
mos/8.0.x: status |
Fix Committed |
Fix Released |
|
2016-03-01 08:33:00 |
Vitaly Sedelnik |
information type |
Private Security |
Public Security |
|
2016-03-16 16:34:53 |
Anna Babich |
tags |
area-nova |
area-nova on-verification |
|
2016-03-31 14:28:05 |
Anna Babich |
mos/9.0.x: status |
Fix Committed |
Fix Released |
|
2016-03-31 14:28:31 |
Anna Babich |
tags |
area-nova on-verification |
area-nova |
|
2016-04-04 13:04:00 |
Ekaterina Shutova |
tags |
area-nova |
area-nova on-verification |
|
2016-04-12 09:44:07 |
Ekaterina Shutova |
tags |
area-nova on-verification |
area-nova |
|
2016-12-16 21:03:56 |
Vitaly Sedelnik |
mos/5.1.x: milestone |
5.1.1-mu-3 |
5.1.1-updates |
|