Bug 1154951 (CVE-2014-3708)
Summary: | CVE-2014-3708 openstack-nova: Nova network denial of service through API filtering
---|---
Product: | [Other] Security Response
Reporter: | Murray McAllister <mmcallis>
Component: | vulnerability
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA
QA Contact: |
Severity: | medium
Docs Contact: |
Priority: | medium
Version: | unspecified
CC: | abaron, aortega, apevec, ayoung, berrange, chrisw, dallan, dasmith, gkotton, gmollett, jrusnack, lhh, lpeer, markmc, ndipanov, pbrady, rbryant, sbauza, sclewis, security-response-team, sferdjao, sgordon, vromanso, yeylon
Target Milestone: | ---
Keywords: | Security
Target Release: | ---
Hardware: | All
OS: | Linux
Whiteboard: |
Fixed In Version: |
Doc Type: | Bug Fix
Doc Text: | A denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large number of VMs could use this flaw to cause the main nova process to block for an extended amount of time.
Story Points: | ---
Clone Of: |
Environment: |
Last Closed: | 2015-06-19 07:05:43 UTC
Type: | ---
Regression: | ---
Mount Type: | ---
Documentation: | ---
CRM: |
Verified Versions: |
Category: | ---
oVirt Team: | ---
RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | ---
Target Upstream Version: |
Embargoed: |
Bug Depends On: | 1158307, 1158308, 1196564, 1196565
Bug Blocks: | 1154952, 1194087
Attachments: |
Description
Murray McAllister
2014-10-21 06:29:11 UTC
Created attachment 949631
icehouse patch from upstream

Created attachment 949632
juno patch from upstream

This issue is public now:

http://seclists.org/oss-sec/2014/q4/458

Created openstack-nova tracking bugs for this issue:

Affects: fedora-all [bug 1158307]

This issue has been addressed in the following products:

OpenStack 5 for RHEL 6

Via RHSA-2015:0844 https://rhn.redhat.com/errata/RHSA-2015-0844.html

This issue has been addressed in the following products:

OpenStack 5 for RHEL 7

Via RHSA-2015:0843 https://rhn.redhat.com/errata/RHSA-2015-0843.html