OSSA-2017-005: Nova Filter Scheduler bypass through rebuild action

Bug #1732862 reported by Alexander Dobdin on 2017-11-17
266
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mirantis OpenStack
Critical
Denis Meltsaykin
7.0.x
Critical
Denis Meltsaykin
8.0.x
Critical
Denis Meltsaykin

Bug Description

Date: November 14, 2017
CVE: CVE-2017-16239
Affects
Nova: <=14.0.9, >=15.0.0 <=15.0.7, >=16.0.0 <=16.0.2

The backports for Mitaka and Liberty are needed

https://security.openstack.org/ossa/OSSA-2017-005.html

information type: Public → Private Security
description: updated
Changed in mos:
milestone: none → 9.x-updates
milestone: 9.x-updates → 8.0-updates
milestone: 8.0-updates → 9.2-mu-4
milestone: 9.2-mu-4 → 9.x-updates
no longer affects: mos/9.x
Changed in mos:
milestone: 9.x-updates → 9.2-mu-4
assignee: nobody → MOS Maintenance (mos-maintenance)
status: New → Confirmed
Denis Meltsaykin (dmeltsaykin) wrote :
Changed in mos:
status: Confirmed → In Progress
assignee: MOS Maintenance (mos-maintenance) → Denis Meltsaykin (dmeltsaykin)
Changed in mos:
status: In Progress → Fix Committed
Dmitry (dtsapikov) on 2017-12-04
tags: added: on-verification
Dmitry (dtsapikov) wrote :

Verified on 8.0+mu6

Dmitry (dtsapikov) wrote :

Verified on 9.2+mu4

Changed in mos:
status: Fix Committed → Fix Released
Denis Meltsaykin (dmeltsaykin) wrote :

Adam, unfortunately we didn't plan a MU for MOS7.0 since it's out of active support. Do you have a customer who is willing to get the patch for this issue?

information type: Private Security → Public Security
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers