Mirantis OpenStack

OSSA-2017-005: Nova Filter Scheduler bypass through rebuild action

Series 7.0.x
Bug #1732862

Bug #1732862 reported by Alexander Dobdin on 2017-11-17

266

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Mirantis OpenStack	Fix Released	Critical	Denis Meltsaykin	Mirantis OpenStack 9.2-mu-4
7.0.x	Fix Committed	Critical	Denis Meltsaykin	Mirantis OpenStack 7.0-mu-9
8.0.x	Fix Released	Critical	Denis Meltsaykin	Mirantis OpenStack 8.0-mu-6

Bug Description

Date: November 14, 2017
CVE: CVE-2017-16239
Affects
Nova: <=14.0.9, >=15.0.0 <=15.0.7, >=16.0.0 <=16.0.2

The backports for Mitaka and Liberty are needed

https://security.openstack.org/ossa/OSSA-2017-005.html

See original description

Tags:

Alexander Dobdin (sanek-dobdin) on 2017-11-17

information type:	Public → Private Security
description:	updated
Changed in mos:
milestone:	none → 9.x-updates
milestone:	9.x-updates → 8.0-updates
milestone:	8.0-updates → 9.2-mu-4
milestone:	9.2-mu-4 → 9.x-updates

Denis Meltsaykin (dmeltsaykin) on 2017-11-17

no longer affects:	mos/9.x
Changed in mos:
milestone:	9.x-updates → 9.2-mu-4
assignee:	nobody → MOS Maintenance (mos-maintenance)
status:	New → Confirmed

Revision history for this message

Denis Meltsaykin (dmeltsaykin) wrote on 2017-11-22:

9.2 in progress: https://review.fuel-infra.org/#/c/37240/

Changed in mos:
status:	Confirmed → In Progress
assignee:	MOS Maintenance (mos-maintenance) → Denis Meltsaykin (dmeltsaykin)

Denis Meltsaykin (dmeltsaykin) on 2017-11-29

Changed in mos:
status:	In Progress → Fix Committed

Dmitry (dtsapikov) on 2017-12-04

tags:

added: on-verification

Revision history for this message

Dmitry (dtsapikov) wrote on 2017-12-13:

Verified on 8.0+mu6

Revision history for this message

Dmitry (dtsapikov) wrote on 2018-01-18:

Verified on 9.2+mu4

Changed in mos:
status:	Fix Committed → Fix Released

Revision history for this message

Denis Meltsaykin (dmeltsaykin) wrote on 2018-05-11:

Adam, unfortunately we didn't plan a MU for MOS7.0 since it's out of active support. Do you have a customer who is willing to get the patch for this issue?

Adam Heczko (aheczko-mirantis) on 2018-07-24

information type:

Private Security → Public Security

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.