Bug 1257942 (CVE-2015-3280)
Summary: | CVE-2015-3280 openstack-nova: Deleting instances in resize state fails | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | abaron, aortega, apevec, ayoung, berrange, chrisw, dallan, dasmith, eglynn, gkotton, gmollett, jjoyce, jrusnack, jschluet, kbasil, kchamart, lhh, lpeer, markmc, mbooth, mburns, ndipanov, nova-maint, pbrady, rbryant, sbauza, sclewis, security-response-team, sferdjao, sgordon, slinaber, slong, tdecacqu, vromanso, yeylon |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | A flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service. |
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-10-15 21:33:24 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1263019, 1263020, 1263022, 1264278, 1264279, 1264280 | ||
Bug Blocks: | 1232783, 1257947 |
Description
Adam Mariš
2015-08-28 12:34:54 UTC
Created openstack-nova tracking bugs for this issue:

Affects: openstack-rdo [bug 1263019]

Created openstack-nova tracking bugs for this issue:

Affects: fedora-all [bug 1263020]

Please see upstream commits rather than patches attached to this bz.

Acknowledgements:

Red Hat would like to thank the OpenStack upstream project for reporting this issue. Upstream acknowledges George Shuklin from Webzilla LTD and Tushar Patil from NTT DATA, Inc. as the original reporters.

This issue has been addressed in the following products:

OpenStack 7 For RHEL 7
OpenStack 5 for RHEL 6
OpenStack 5 for RHEL 7
OpenStack 6 for RHEL 7

Via RHSA-2015:1898 https://rhn.redhat.com/errata/RHSA-2015-1898.html