Nova may fail to delete images in resize state

Bug #1489775 reported by Sergey Nikitin
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Mirantis OpenStack | Fix Released | High | Sergey Nikitin |
6.0.x | Fix Released | High | Denis Meltsaykin |
6.1.x | Fix Released | High | Sergey Nikitin |
7.0.x | Fix Released | High | Alexander Gubanov |
8.0.x | Fix Released | High | Sergey Nikitin |

Bug Description

If an authenticated user deletes an instance while it is in resize state,
it will cause the original instance to not be deleted from the
compute node it was running on. An attacker can use this to launch a
denial of service attack. All Nova setups are affected.

Upstream bug: https://bugs.launchpad.net/nova/+bug/1392527

Sergey Nikitin (snikitin) wrote :
Changed in mos:
status: In Progress → Fix Committed
Sergey Nikitin (snikitin) wrote :
description: updated
Vitaly Gusev (vgusev) wrote :

Verified on 6.0 with packages *nova*mira35+git.2480ca2.bea7645_all.deb from mirror http://osci-obs.vm.mirantis.net:82/ubuntu-fuel-6.0-updates-stable-11319/ubuntu

Vadim Rovachev (vrovachev) wrote :

On 6.1 the bug is not reproduced after applying the patches for bug https://bugs.launchpad.net/mos/+bug/1466077

Timur Nurlygayanov (tnurlygayanov) wrote :

Marked as Fix Released for 6.1 based on comments from Vadim

Vitaly Sedelnik (vsedelnik) wrote :

Back to Fix Committed - for updates the convention is to set Fix Released after the publication of MU to indicate that the fix could be consumed from updates mirrors

information type: Private Security → Public Security
Fuel Devops McRobotson (fuel-devops-robot) wrote : Change abandoned on openstack/nova (openstack-ci/fuel-8.0/liberty)

Change abandoned by Roman Podoliaka <email address hidden> on branch: openstack-ci/fuel-8.0/liberty
Review: https://review.fuel-infra.org/13290
Reason: Fixed upstream with another change-id - I9866d8e32e99b9f907921f4b226edf7b62bd83a7

tags: added: on-verification
Alexander Gubanov (ogubanov) wrote :

I've verified on MOS7.0 (build 301) - all works fine!
Proof: http://pastebin.com/UpiA10ve

tags: removed: on-verification
Alexander Gubanov (ogubanov) wrote :

I've verified on MOS 8.0 (build 429) - works!
Proof http://pastebin.com/UGippZjc

Denis Meltsaykin (dmeltsaykin) wrote :

It looks like nobody merged this https://review.fuel-infra.org/#/c/11319/. I'm reopening the bug and retargeting it to 6.0-mu-8

Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix merged to openstack/nova (openstack-ci/fuel-6.0-updates/2014.2)

Reviewed: https://review.fuel-infra.org/11319
Submitter: Denis V. Meltsaykin <email address hidden>
Branch: openstack-ci/fuel-6.0-updates/2014.2

Commit: 39826c4227791aa1d0680fc8f40ee6713d886ef4
Author: Sergey Nikitin <email address hidden>
Date: Thu Feb 18 08:25:17 2016

Fixed fail when user tries to delete images in resize state

If InstanceNotFound error is thrown from decorated function,
migration status should be set to 'error', without checking
current migration status.

Conflicts:
        nova/compute/manager.py

Backport patch requires additional method obj_as_admin() in
NovaBase object, so this patch was squashed with
I556d93741f1ee965c960c6099fbf2c57f31c6744

Closes-Bug: #1489775

Change-Id: I95b0ff2be254a2645ab3ddd51b761a8a24c5a751
(cherry picked from commit 500a2372a3921dbb1728fe82c3a6efbb06f373f0)
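
An added illustration of the rule stated in the commit message above (not Nova's code and not part of the original thread): a decorator that sets the migration status to 'error' whenever the wrapped function raises InstanceNotFound, without looking at the current status. The class and function names, and the status list applied to other exceptions, are assumptions made for this example.

```python
import functools


class InstanceNotFound(Exception):
    """Stand-in for the exception named in the commit message."""


class Migration:
    """Hypothetical minimal migration record with a status field."""
    def __init__(self, status):
        self.status = status
        self.saved = False

    def save(self):
        self.saved = True


# Assumption: statuses in which any failure marks the migration as 'error'.
IN_PROGRESS = ('migrating', 'post-migrating')


def error_out_migration_on_failure(function):
    """Mark the 'migration' keyword argument as 'error' when the call fails."""
    @functools.wraps(function)
    def decorated(*args, **kwargs):
        try:
            return function(*args, **kwargs)
        except Exception as ex:
            migration = kwargs['migration']
            # Rule from the commit message: InstanceNotFound bypasses the
            # status check; other exceptions still go through it.
            if isinstance(ex, InstanceNotFound) or migration.status in IN_PROGRESS:
                migration.status = 'error'
                migration.save()
            raise  # the caller still sees the original exception
    return decorated


@error_out_migration_on_failure
def finish_resize(instance_exists, migration):
    """Constructed resize step that always fails, for demonstration only."""
    if not instance_exists:
        raise InstanceNotFound('instance deleted during resize')
    raise RuntimeError('unrelated failure')


def run(instance_exists, start_status):
    """Run the constructed step and return the final migration status."""
    migration = Migration(start_status)
    try:
        finish_resize(instance_exists, migration=migration)
    except Exception:
        pass
    return migration.status
```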

tags: added: on-automation
Alexander Gromov (agromov) wrote :

Link to the automated test: https://review.gerrithub.io/#/c/279919/

tags: added: covered-automated-test
removed: on-automation
tags: added: feature-security
This report contains Public Security information  
Everyone can see this security related information.
