Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue,  6 Oct 2015 01:41:51 -0400 (EDT)
From: cve-assign@...re.org
To: tdecacqu@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request for vulnerability in OpenStack Nova

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

>  Title: Nova network security group changes are not applied to running
>         instances
>  https://launchpad.net/bugs/1491307
>  https://launchpad.net/bugs/1484738

> https://bugs.launchpad.net/nova/+bug/1491307/comments/5
> 
> The db instance dict doesn't have the keys in 'metas' because in
> trigger_rules_refresh() the sec groups are got from db by joining on
> the instances column, but it doesn't join on the
> metadata/system_metadata fields. This again causes 'KeyError' because
> when db instance dict is converted to the Instance object, it expects
> fields that aren't in the dict.

> https://bugs.launchpad.net/nova/+bug/1484738/comments/20
> 
> the instance passed to refresh_instance_security_rules
> comes from the call to get the security group(s) which joins on the
> instances column, but that doesn't join on the metadata/system_metadata
> fields for the instances. So when the instances get to object_compat in
> the compute manager and the db instance dict is converted to the
> Instance object, it expects fields that aren't in the dict and we get
> the KeyError.

Use CVE-2015-7713.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWE16qAAoJEL54rhJi8gl5cQoP/R0rm6Y1GsnrrsjiNu7P++Gb
D65ez/8UbNQbppouKIrcjULGtFYHn5CRc2nkrEFDTB9pbuQk6ghFjj3SJqn44mwb
YsUxxly1S2UGKXrbmxX6nOR3DkqwvQSFb8FvmxqnwgdPLKAlsXffCkLOtzIEGGGI
6jWwOrSDPj6BbANNUJ3/SyYHKPowMPVwGZvWbWZbLVm8JvoVvrausJqa/hG3O+DJ
tmHlSZTEB5127tUG5abcf6MuCZDOCO1HiNbT1F3JXf4A/LL3VPMjKCN3TL0NYvce
UhnbGpFoIWB8Eqly5Uz6tAlMi7podtPQ3IWbvlJJ1ogX6FjO11mhMSasRwsr4bW5
fAOPFRQy9m7xv6FT/WnR8pdRmv0GhE4WbCD1FtzaSc+9yv/9YGPvobBG6EsBFSpr
tnWBLCdZv3fTHfq6oHV/hnftU58QEFYk722UF3e3famuknaHayUx3gfDJxbUIVp4
4mybiLCebrWd/IaDk1QdKMrn25G03T7II+wxmT0YJswAOC6/Y29sfYMpB0pJe+YX
LtKN6X0rFyt/Cdlmrp5bTlSnLQsTsKwsgEjbnubgo/5bs0DB9PRPvYfdhqa2PObJ
LFSW+zSPzmZNyQb9m9Q1Ke5ieEpySsXnPBKnhKyhTLjc1T/jbhzCcVtimH8R+18n
SHKld5vgqyyXvA9nIQV7
=Rpze
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ