settingsLogin | Registersettings

[openstack-announce] [OSSA-2017-005] Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239)

0 votes

==================================================================
OSSA-2017-005: Nova Filter Scheduler bypass through rebuild action
==================================================================

:Date: November 14, 2017
:CVE: CVE-2017-16239

Affects
~~~~~~~
- Nova: <=14.0.9, >=15.0.0 <=15.0.7, >=16.0.0 <=16.0.2

Description
~~~~~~~~~~~
George Shuklin from servers.com reported a vulnerability in Nova. By
rebuilding an instance, an authenticated user may be able to
circumvent the Filter Scheduler bypassing imposed filters (for
example, the ImagePropertiesFilter or the IsolatedHostsFilter). All
setups using Nova Filter Scheduler are affected.

Patches
~~~~~~~
- https://review.openstack.org/519684 (Newton)
- https://review.openstack.org/519681 (Ocata)
- https://review.openstack.org/519672 (Pike)
- https://review.openstack.org/519662 (Queens)

Credits
~~~~~~~
- George Shuklin from Servers.com (CVE-2017-16239)

References
~~~~~~~~~~
- https://launchpad.net/bugs/1664931
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239

--
Tristan Cacqueray
OpenStack Vulnerability Management Team


OpenStack-announce mailing list
OpenStack-announce@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-announce

asked Nov 14, 2017 in openstack-announce by tdecacqu_at_redhat.c (2,120 points)   1 1 1
...