Date: Thu, 3 Dec 2015 08:26:42 -0800
From: Devananda van der Veen <devananda.vdv@...il.com>
To: oss-security@...ts.openwall.com
Subject: OpenStack Ironic does not honor clean steps (CVE-2015-7514)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================
OpenStack Ironic does not honor clean steps
===========================================

:Date: December 03, 2015
:CVE: CVE-2015-7514

Affects
~~~~~~~
- - Ironic: >= 4.2.0, <= 4.2.1

Description
~~~~~~~~~~~
Brad Morgan from Rackspace reported a vulnerability in Ironic. To
prevent user data leak, Ironic is expected to "clean" a server after
use, however that is transparently not happening. Previous tenant's
data may be left behind on the disk and may be available to new users.
All Ironic setups are affected.

Patches
~~~~~~~
- - https://review.openstack.org/#/c/253001 (Liberty)
- - https://review.openstack.org/#/c/252993 (Mitaka)

Credits
~~~~~~~
- - Brad Morgan from Rackspace (CVE-2015-7514)

References
~~~~~~~~~~
- - https://bugs.launchpad.net/bugs/1517277
- - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7514

Notes
~~~~~
- - This fix will be included in a future 4.2.2 release.
- - This fix will be included in a future 4.3 release.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlZgbUIACgkQhFvuBniJg6cbxwCgl9eepjJWbkWXsZsPDjhN/bDR
rCkAoOLlZYGgItR7LirG4u6uvDaljOby
=rXfP
-----END PGP SIGNATURE-----