Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 14 Nov 2017 16:28:50 +0000
From: Tristan Cacqueray <tdecacqu@...hat.com>
To: oss-security@...ts.openwall.com
Subject: [OSSA-2017-005] Nova Filter Scheduler bypass through rebuild action
 (CVE-2017-16239)

==================================================================
OSSA-2017-005: Nova Filter Scheduler bypass through rebuild action
==================================================================

:Date: November 14, 2017
:CVE: CVE-2017-16239


Affects
~~~~~~~
- Nova: <=14.0.9, >=15.0.0 <=15.0.7, >=16.0.0 <=16.0.2


Description
~~~~~~~~~~~
George Shuklin from servers.com reported a vulnerability in Nova. By
rebuilding an instance, an authenticated user may be able to
circumvent the Filter Scheduler bypassing imposed filters (for
example, the ImagePropertiesFilter or the IsolatedHostsFilter). All
setups using Nova Filter Scheduler are affected.


Patches
~~~~~~~
- https://review.openstack.org/519684 (Newton)
- https://review.openstack.org/519681 (Ocata)
- https://review.openstack.org/519672 (Pike)
- https://review.openstack.org/519662 (Queens)


Credits
~~~~~~~
- George Shuklin from Servers.com (CVE-2017-16239)


References
~~~~~~~~~~
- https://launchpad.net/bugs/1664931
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239

--
Tristan Cacqueray
OpenStack Vulnerability Management Team


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ