Comment 17 for bug 1732976

Matt Riedemann (mriedem) wrote : Re: Potential DoS by rebuilding the same instance with a new image multiple times

@fungi, https://review.openstack.org/#/c/521662/ only goes back to stable/pike.

This other change, https://review.openstack.org/#/c/521186/, is what's going to go as far back as the fix for bug 1664931 (the original CVE that introduced the regressions laid out in this bug).

I think we're going to go forward with https://review.openstack.org/#/c/521186/ so we can get the backports started since we have to get those to stable/newton while it's still around upstream. What needs to happen for the errata on CVE-2017-16239?

So to recap:

1. https://review.openstack.org/#/c/521186/ and https://review.openstack.org/#/c/521391/ are fixes for regressions introduced by the fix for CVE-2017-16239 and are errata for that CVE, and need to get backported to stable/newton upstream.

2. https://review.openstack.org/#/c/521662/ is the fix for this new CVE and only goes back to stable/pike.