cve-2017-7549 - instack-undercloud uses hardcoded /tmp paths

Bug #1712380 reported by Alex Schultz on 2017-08-22
Affects: tripleo
Importance: Critical
Assigned to: Alex Schultz

Bug Description

https://access.redhat.com/security/cve/cve-2017-7549

A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
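The description above names the two halves of the problem: a privileged script that opens a predictable path under /tmp, and a local user who can place a symlink there first so the write lands on another file. As an added example (not instack-undercloud's code, nor the removed element), the shell below shows the mktemp-based replacement for that pattern and a small grep check that flags fixed /tmp paths in a script. The function names and the sample script it scans are constructed for illustration.

```shell
#!/bin/sh
# Added example, not project code. Demonstrates a safe replacement for a
# hardcoded /tmp path and a simple check that finds such paths in scripts.

# Hardened pattern: mktemp creates the file itself with a random name,
# mode 0600, and exclusive-create semantics, so a symlink planted in
# advance at a guessable name is never followed. Honours TMPDIR.
make_private_tmp() {
    TMPDIR=${TMPDIR:-/tmp}
    tmp=$(mktemp "${TMPDIR}/undercloud-build.XXXXXX") || return 1
    echo "$tmp"
}

# Writes a constructed sample script to the path given in $1. Two lines use
# fixed names under /tmp (the weak pattern); one uses a mktemp template.
write_sample_script() {
    cat > "$1" <<'EOF'
#!/bin/bash
# constructed sample, mimics an element script with fixed /tmp paths
OUT=/tmp/isolated-build.log
echo start > /tmp/build-stage
safe=$(mktemp /tmp/build.XXXXXX)
echo "$safe"
EOF
}

# Check: print (with line numbers) every line of script $1 that references
# a fixed path under /tmp, ignoring mktemp templates ending in XXXXXX.
find_hardcoded_tmp() {
    grep -nE '/tmp/[A-Za-z0-9_.-]+' "$1" | grep -vE 'XXXXXX|mktemp'
}
```

Callers of make_private_tmp should register cleanup with `trap 'rm -f "$tmp"' EXIT`; the check is a review aid for element scripts, not a proof that a script is safe, since it only matches literal /tmp/ strings.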

Fix proposed to branch: master
Review: https://review.openstack.org/496292

Changed in tripleo:
status: Triaged → In Progress
Changed in tripleo:
milestone: pike-rc1 → pike-rc2

Reviewed: https://review.openstack.org/496300
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=02d25849aaa5fec977346c785b0ed594fd55321d
Submitter: Jenkins
Branch: stable/ocata

commit 02d25849aaa5fec977346c785b0ed594fd55321d
Author: James Slagle <email address hidden>
Date: Fri Aug 4 13:28:17 2017 -0400

    Remove isolated-build element

    The element is no longer used in the undercloud install as it's not
    contained in any of the json files under json-files or included by any
    element dependencies.

    This is a fix for the security issue where the /tmp path is used.

    Change-Id: Ib8013fa33cd14d7e4a66e07bd6f3a280c41a7f15
    Closes-Bug: #1712380
    (cherry picked from commit 722d9e4292f2013c4c13ce391778b902c88d83f1)

tags: added: in-stable-ocata

Reviewed: https://review.openstack.org/496292
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=722d9e4292f2013c4c13ce391778b902c88d83f1
Submitter: Jenkins
Branch: master

commit 722d9e4292f2013c4c13ce391778b902c88d83f1
Author: James Slagle <email address hidden>
Date: Fri Aug 4 13:28:17 2017 -0400

    Remove isolated-build element

    The element is no longer used in the undercloud install as it's not
    contained in any of the json files under json-files or included by any
    element dependencies.

    This is a fix for the security issue where the /tmp path is used.

    Change-Id: Ib8013fa33cd14d7e4a66e07bd6f3a280c41a7f15
    Closes-Bug: #1712380

Changed in tripleo:
status: In Progress → Fix Released
tags: added: in-stable-newton

Reviewed: https://review.openstack.org/496303
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=808c89b9247b0570f32a67b88d102790445ebee5
Submitter: Jenkins
Branch: stable/newton

commit 808c89b9247b0570f32a67b88d102790445ebee5
Author: James Slagle <email address hidden>
Date: Fri Aug 4 13:28:17 2017 -0400

    Remove isolated-build element

    The element is no longer used in the undercloud install as it's not
    contained in any of the json files under json-files or included by any
    element dependencies.

    This is a fix for the security issue where the /tmp path is used.

    Change-Id: Ib8013fa33cd14d7e4a66e07bd6f3a280c41a7f15
    Closes-Bug: #1712380
    (cherry picked from commit 722d9e4292f2013c4c13ce391778b902c88d83f1)

This issue was fixed in the openstack/instack-undercloud 6.1.1 release.

This issue was fixed in the openstack/instack-undercloud 5.3.2 release.

This issue was fixed in the openstack/instack-undercloud 8.0.0 release.
