Bug 1383415

Summary: [CVE-2015-5162] oslo.concurrency: Backport support for 'prlimit' parameter [OSP-7]
Product: Red Hat OpenStack
Reporter: Eric Harney <eharney>
Component: python-oslo-concurrency
Assignee: Victor Stinner <vstinner>
Status: CLOSED ERRATA
QA Contact: Udi Shkalim <ushkalim>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 7.0 (Kilo)
CC: apevec, dcadzow, jschluet, kchamart, lhh, mpryc, mschuppe, slong, ushkalim, vstinner
Target Milestone: async
Keywords: AutomationBlocker, FeatureBackport, ZStream
Target Release: 7.0 (Kilo)
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: python-oslo-concurrency-1.8.2-2.el7ost
Doc Type: If docs needed, set a value
Doc Text:
qemu-img calls were unrestricted by ulimit. oslo.concurrency has been updated to add support for process limits ('prlimit'), which is needed to fix the CVE-2015-5162 security vulnerability.
Story Points: ---
Clone Of:
: 1383421 1384855
Environment:
Last Closed: 2017-02-15 22:58:50 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1380289, 1382552, 1382570, 1382571, 1383421, 1384855

Description Eric Harney 2016-10-10 14:38:54 UTC
Security fixes in Nova, Cinder, and Glance require support for prlimit in oslo.concurrency.

The following changes need to be backported:

d65d931 processutils: add support for missing process limits
e33f64f Add prlimit parameter to execute()
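
The kind of per-process limit this backport lets callers request, shown as an added example that is not part of the bug report and is not oslo.concurrency's code: it uses only the Python standard library (`resource`, `subprocess`) to cap the address space and CPU time of a child command. `run_limited()`, `demo()` and the two sample commands are hypothetical names and constructed inputs.

```python
# Added illustration; run_limited() is a hypothetical helper, not oslo.concurrency's API.
import resource
import subprocess
import sys

MIB = 1024 * 1024


def run_limited(cmd, address_space=None, cpu_time=None, timeout=30):
    """Run cmd with RLIMIT_AS / RLIMIT_CPU applied to the child process only."""
    wanted = []
    if address_space is not None:
        wanted.append((resource.RLIMIT_AS, address_space))
    if cpu_time is not None:
        wanted.append((resource.RLIMIT_CPU, cpu_time))

    def apply_limits():
        # Runs in the child between fork() and exec(); the calling service
        # keeps its own limits.
        for res, value in wanted:
            _, hard = resource.getrlimit(res)
            if hard != resource.RLIM_INFINITY:
                # An unprivileged process cannot raise its hard limit.
                value = min(value, hard)
            resource.setrlimit(res, (value, value))

    return subprocess.run(cmd, preexec_fn=apply_limits, capture_output=True,
                          text=True, timeout=timeout)


def demo():
    # Constructed stand-ins for an external tool: one tries to allocate
    # 1 GiB, the other is benign. Both run under a 512 MiB / 5 s cap.
    hungry = [sys.executable, "-c", "bytearray(1024 * 1024 * 1024)"]
    benign = [sys.executable, "-c", "print('ok')"]
    return (run_limited(hungry, address_space=512 * MIB, cpu_time=5),
            run_limited(benign, address_space=512 * MIB, cpu_time=5))


if __name__ == "__main__":
    for proc in demo():
        last = (proc.stderr.strip().splitlines() or [proc.stdout.strip()])[-1]
        print(proc.returncode, last)
```

The limits apply only to the spawned command, so a tool that balloons in memory fails on its own while the calling service keeps running.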

Comment 9 Udi Shkalim 2017-01-01 13:00:08 UTC
Verified on: python-oslo-concurrency-1.8.2-2.el7ost.noarch
Code verified

Comment 11 errata-xmlrpc 2017-02-15 22:58:50 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2017-0282.html