[PKG-Openstack-devel] Bug#882009: CVE-2017-16239: Nova Filter Scheduler bypass through rebuild action
Thomas Goirand
zigo at debian.org
Fri Nov 17 15:06:41 UTC 2017
Source: nova
Version: 2:14.0.0-4
Severity: important
Tags: patch security
Reporting the OpenStack Security Announcement, uploading soon.
==================================================================
OSSA-2017-005: Nova Filter Scheduler bypass through rebuild action
==================================================================
:Date: November 14, 2017
:CVE: CVE-2017-16239
Affects
~~~~~~~
- Nova: <=14.0.9, >=15.0.0 <=15.0.7, >=16.0.0 <=16.0.2
Description
~~~~~~~~~~~
George Shuklin from servers.com reported a vulnerability in Nova. By
rebuilding an instance, an authenticated user may be able to
circumvent the Filter Scheduler bypassing imposed filters (for
example, the ImagePropertiesFilter or the IsolatedHostsFilter). All
setups using Nova Filter Scheduler are affected.
Patches
~~~~~~~
- https://review.openstack.org/519684 (Newton)
- https://review.openstack.org/519681 (Ocata)
- https://review.openstack.org/519672 (Pike)
- https://review.openstack.org/519662 (Queens)
Credits
~~~~~~~
- George Shuklin from Servers.com (CVE-2017-16239)
References
~~~~~~~~~~
- https://launchpad.net/bugs/1664931
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
More information about the Openstack-devel
mailing list