Bug 1039148 (CVE-2013-6419)
Summary: | CVE-2013-6419 OpenStack Neutron and Nova: Metadata queries from Neutron to Nova are not restricted by tenant | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | aortega, apevec, ayoung, chrisw, gkotton, gmollett, iheim, jruzicka, lhh, markmc, rbryant, sclewis, security-response-team, sradvan, yeylon |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-07-15 07:13:08 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1039154, 1039161 | ||
Bug Blocks: | 1023240, 1039152 | ||
Attachments: |
Description
Kurt Seifried
2013-12-06 19:07:39 UTC
Created attachment 833732 [details]
cve-2013-6419-neutron-master-icehouse.patch
Created attachment 833733 [details]
cve-2013-6419-neutron-stable-grizzly.patch
Created attachment 833734 [details]
cve-2013-6419-neutron-stable-havana.patch
Created attachment 833735 [details]
cve-2013-6419-nova-master-icehouse.patch
Created attachment 833736 [details]
cve-2013-6419-nova-stable-grizzly.patch
Created attachment 833737 [details]
cve-2013-6419-nova-stable-havana.patch
Acknowledgements: Red Hat would like to thank the OpenStack Project for reporting this issue. Upstream acknowledges Aaron Rosen of VMware as the original reporter. This issue has been addressed in following products: OpenStack 4 for RHEL 6 Via RHSA-2014:0091 https://rhn.redhat.com/errata/RHSA-2014-0091.html This issue has been addressed in following products: OpenStack 4 for RHEL 6 Via RHSA-2014:0231 https://rhn.redhat.com/errata/RHSA-2014-0231.html |