2012-07-31 11:21:51 |
Pádraig Brady |
bug |
|
|
added bug |
2012-07-31 11:21:51 |
Pádraig Brady |
attachment added |
|
CVE-2012-3361-folsom.diff https://bugs.launchpad.net/bugs/1031311/+attachment/3243517/+files/CVE-2012-3361-folsom.diff |
|
2012-07-31 11:22:33 |
Pádraig Brady |
cve linked |
|
2012-3361 |
|
2012-07-31 11:30:16 |
Pádraig Brady |
description |
Unfortunately the patches released for bug 1015531, didn't consider permissions in the guest.
If there is a root only readable directory in the guest containing the dodgy symlinks,
then they will not be detected by _join_and_check_path_within_fs()
Therefore the equivalent of this function needs to run as the root user.
Folsom patch attached.
Diablo & Essex versions would need readlink added to rootwrap |
Unfortunately the patches released for bug 1015531, didn't consider permissions in the guest.
If there is a root only readable directory in the guest containing the dodgy symlinks, then they will not be detected by _join_and_check_path_within_fs() because it runs as the nova user.
Therefore the equivalent of this function needs to run as the root user.
Folsom patch attached.
Diablo & Essex versions would need readlink added to rootwrap |
|
2012-07-31 11:49:07 |
Thierry Carrez |
bug |
|
|
added subscriber Mark McLoughlin |
2012-07-31 11:49:21 |
Thierry Carrez |
bug |
|
|
added subscriber Vish Ishaya |
2012-07-31 13:41:37 |
Pádraig Brady |
attachment added |
|
CVE-2012-3361-folsom.patch https://bugs.launchpad.net/nova/+bug/1031311/+attachment/3243696/+files/CVE-2012-3361-folsom.patch |
|
2012-07-31 13:42:52 |
Pádraig Brady |
attachment added |
|
CVE-2012-3361-essex.patch https://bugs.launchpad.net/nova/+bug/1031311/+attachment/3243699/+files/CVE-2012-3361-essex.patch |
|
2012-07-31 13:46:22 |
Pádraig Brady |
attachment added |
|
CVE-2012-3361-diablo.patch https://bugs.launchpad.net/nova/+bug/1031311/+attachment/3243700/+files/CVE-2012-3361-diablo.patch |
|
2012-07-31 14:35:55 |
Thierry Carrez |
nova: importance |
High |
Critical |
|
2012-07-31 14:35:55 |
Thierry Carrez |
nova: status |
New |
Confirmed |
|
2012-07-31 17:15:31 |
Steve Beattie |
cve linked |
|
2012-2311 |
|
2012-07-31 17:15:31 |
Steve Beattie |
cve linked |
|
2012-2336 |
|
2012-08-01 15:00:51 |
Thierry Carrez |
bug |
|
|
added subscriber Dan Prince |
2012-08-01 18:35:44 |
Russell Bryant |
cve linked |
|
2012-3447 |
|
2012-08-02 08:38:34 |
Thierry Carrez |
cve unlinked |
2012-2311 |
|
|
2012-08-02 08:38:44 |
Thierry Carrez |
cve unlinked |
2012-2336 |
|
|
2012-08-02 08:38:53 |
Thierry Carrez |
cve unlinked |
2012-3361 |
|
|
2012-08-07 13:15:13 |
Thierry Carrez |
nominated for series |
|
nova/diablo |
|
2012-08-07 13:15:13 |
Thierry Carrez |
bug task added |
|
nova/diablo |
|
2012-08-07 13:15:13 |
Thierry Carrez |
nominated for series |
|
nova/essex |
|
2012-08-07 13:15:13 |
Thierry Carrez |
bug task added |
|
nova/essex |
|
2012-08-07 13:16:22 |
Thierry Carrez |
bug |
|
|
added subscriber Dave Walker |
2012-08-07 13:17:14 |
Thierry Carrez |
bug |
|
|
added subscriber Canonical Security Team |
2012-08-07 15:03:44 |
Thierry Carrez |
visibility |
private |
public |
|
2012-08-07 18:17:04 |
OpenStack Infra |
nova/diablo: status |
New |
In Progress |
|
2012-08-07 18:17:04 |
OpenStack Infra |
nova/diablo: assignee |
|
Pádraig Brady (p-draigbrady) |
|
2012-08-07 19:00:53 |
Thierry Carrez |
nova: status |
Confirmed |
In Progress |
|
2012-08-07 19:00:58 |
Thierry Carrez |
nova/essex: status |
New |
In Progress |
|
2012-08-07 19:01:40 |
OpenStack Infra |
nova/essex: assignee |
|
Pádraig Brady (p-draigbrady) |
|
2012-08-07 19:02:25 |
OpenStack Infra |
nova: assignee |
|
Pádraig Brady (p-draigbrady) |
|
2012-08-07 19:34:37 |
OpenStack Infra |
nova: status |
In Progress |
Fix Committed |
|
2012-08-07 20:03:14 |
OpenStack Infra |
nova/essex: status |
In Progress |
Fix Committed |
|
2012-08-07 22:57:59 |
Mark McLoughlin |
nova/essex: milestone |
|
2012.1.2 |
|
2012-08-07 23:04:37 |
Mark McLoughlin |
nova/essex: importance |
Undecided |
Critical |
|
2012-08-08 09:35:28 |
OpenStack Infra |
nova/diablo: status |
In Progress |
Fix Committed |
|
2012-08-09 09:02:00 |
Thierry Carrez |
removed subscriber OpenStack Vulnerability Management team |
|
|
|
2012-08-10 06:03:40 |
Mark McLoughlin |
nova/essex: status |
Fix Committed |
Fix Released |
|
2012-08-16 07:31:41 |
Thierry Carrez |
nova: status |
Fix Committed |
Fix Released |
|
2012-08-16 07:31:41 |
Thierry Carrez |
nova: milestone |
|
folsom-3 |
|
2012-08-24 09:16:09 |
Dave Walker |
nova (Ubuntu): status |
New |
Fix Released |
|
2012-08-24 09:16:14 |
Dave Walker |
nominated for series |
|
Ubuntu Precise |
|
2012-08-24 09:16:24 |
Dave Walker |
bug task added |
|
nova (Ubuntu Precise) |
|
2012-08-24 09:16:44 |
Dave Walker |
nova (Ubuntu Precise): status |
New |
Confirmed |
|
2012-08-24 09:51:36 |
Launchpad Janitor |
branch linked |
|
lp:~openstack-ubuntu-testing/nova/precise-essex-proposed |
|
2012-08-24 19:08:25 |
Jamie Strandboge |
nova (Ubuntu Precise): status |
Confirmed |
Fix Released |
|
2012-08-24 19:45:23 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-proposed/nova |
|
2012-08-30 07:35:05 |
Adam Gandelman |
attachment added |
|
2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.log https://bugs.launchpad.net/bugs/1031311/+attachment/3283214/+files/2012.1.3%2Bstable-20120827-4d2a4afe-0ubuntu1.log |
|
2012-08-30 07:35:08 |
Adam Gandelman |
tags |
|
verification-done |
|
2012-09-27 15:24:59 |
Thierry Carrez |
nova: milestone |
folsom-3 |
2012.2 |
|
2013-06-07 15:46:00 |
Thierry Carrez |
summary |
CVE-2012-3361 not fully addressed |
[OSSA 2012-011] CVE-2012-3361 not fully addressed |
|
2013-06-07 15:46:09 |
Thierry Carrez |
bug task added |
|
ossa |
|
2013-06-07 15:46:21 |
Thierry Carrez |
ossa: status |
New |
Fix Released |
|
2013-06-07 15:46:21 |
Thierry Carrez |
ossa: assignee |
|
Thierry Carrez (ttx) |
|
2014-09-15 15:39:45 |
Sean Dague |
bug task deleted |
nova/diablo |
|
|