A vulnerability was found in openstack-nova: an unprivileged user could consume as much as 4 GB of RAM on the host by uploading a malicious image, possibly leading to an OOM condition on the compute host and negatively affecting the running instances of other tenants. Product bug: https://bugzilla.redhat.com/show_bug.cgi?id=1267576 Upstream bug: https://bugs.launchpad.net/ossa/+bug/1449062
Upstream patches have been released:
- https://review.openstack.org/382573 (cinder) (Liberty)
- https://review.openstack.org/378012 (glance) (Liberty)
- https://review.openstack.org/327624 (nova) (Liberty)
- https://review.openstack.org/375625 (cinder) (Mitaka)
- https://review.openstack.org/377736 (glance) (Mitaka)
- https://review.openstack.org/326327 (nova) (Mitaka)
- https://review.openstack.org/375102 (cinder) (Newton)
- https://review.openstack.org/377734 (glance) (Newton)
- https://review.openstack.org/307663 (nova) (Newton)
- https://review.openstack.org/375099 (cinder) (Ocata)
- https://review.openstack.org/375526 (glance) (Ocata)
Created openstack-nova tracking bugs for this issue: Affects: openstack-rdo [bug 1382553] Affects: fedora-all [bug 1382554]
Created openstack-cinder tracking bugs for this issue: Affects: openstack-rdo [bug 1382572] Affects: fedora-all [bug 1382574]
Created openstack-glance tracking bugs for this issue: Affects: openstack-rdo [bug 1382573] Affects: fedora-all [bug 1382575]
Acknowledgments: Name: Richard W.M. Jones (Red Hat)
This issue has been addressed in the following products: Red Hat OpenStack Platform 9.0 (Mitaka) Via RHSA-2016:2923 https://rhn.redhat.com/errata/RHSA-2016-2923.html
This issue has been addressed in the following products: Red Hat OpenStack Platform 8.0 (Liberty) Via RHSA-2016:2991 https://rhn.redhat.com/errata/RHSA-2016-2991.html
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 Via RHSA-2017:0156 https://rhn.redhat.com/errata/RHSA-2017-0156.html
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 Via RHSA-2017:0153 https://rhn.redhat.com/errata/RHSA-2017-0153.html
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 Via RHSA-2017:0165 https://rhn.redhat.com/errata/RHSA-2017-0165.html
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 Via RHSA-2017:0282 https://rhn.redhat.com/errata/RHSA-2017-0282.html
Hi Kashyap, looks like the Hitachi bug (1267576) is a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1382552, which has been dealt with in CVE-2015-5162, and released in RHSA-2017:0282. Can you confirm? thanks, Summer
(In reply to Summer Long from comment #21)
> Hi Kashyap, looks like the Hitachi bug (1267576) is a duplicate of
> https://bugzilla.redhat.com/show_bug.cgi?id=1382552, which has been dealt
> with in CVE-2015-5162, and released in RHSA-2017:0282. Can you confirm?
> thanks, Summer

Hi Summer, sorry for the delayed response. Yes, you are correct. Just to double-confirm, I checked in the RHOS-7 Git, too (if you look at the end, it indeed says: "Resolves: rhbz#1382552"). I will close the RHOS-7 Hitachi bug with this pointer.

------------------------------------------------------------------------
commit a7084406eb6d34de55c4a6ecae26ae3c400500b3
Author:     Daniel P. Berrange <berrange>
AuthorDate: Mon Apr 18 16:32:19 2016 +0000
Commit:     Kashyap Chamarthy <kchamart>
CommitDate: Tue Oct 18 10:15:24 2016 -0400

    virt: set address space & CPU time limits when running qemu-img

    This uses the new 'prlimit' parameter for oslo.concurrency execute
    method, to set an address space limit of 1GB and CPU time limit of
    2 seconds, when running qemu-img.

    This is a re-implementation of the previously reverted commit

      commit da217205f53f9a38a573fb151898fbbeae41021d
      Author: Tristan Cacqueray <tdecacqu>
      Date:   Wed Aug 5 17:17:04 2015 +0000

        virt: Use preexec_fn to ulimit qemu-img info call

    NOTE (kchamart) [stable/liberty]: Add a check for the presence of
    'ProcessLimits' attribute (which is only present in
    oslo.concurrency>=2.6.1; and a conditional check for 'prlimit'
    parameter in qemu_img_info() method. Upstream discussion[1][2] that
    led to merging this patch to stable/liberty branch.

    [1] http://lists.openstack.org/pipermail/openstack-dev/2016-September/104091.html
    [2] http://lists.openstack.org/pipermail/openstack-dev/2016-September/104303.html

    NOTE (kchamart) [RHOS-7]:

      - Conflicts:
          - nova/tests/unit/virt/libvirt/test_driver.py
          - nova/virt/images.py

      - Update test_qemu_info_with_errors() in tests/unit/virt/test_images.py
          - The fix catches 'ProcessExecutionError', and raises it as
            'InvalidDiskInfo' exception. However, the test was still
            catching ProcessExecutionError -- update it to catch
            'InvalidDiskInfo'.
          - Remove the now-unused import of 'processutils'

      - Upstream-Liberty: https://review.openstack.org/#/c/327624/

      - [Kilo is EOL, hence backporting from Liberty branch]

    Resolves: rhbz#1382552
    Closes-Bug: #1449062
    Change-Id: I135b5242af1bfdcb0ea09a6fcda21fc03a6fbe7d
    (cherry picked from commit 068d851561addfefb2b812d91dc2011077cb6e1d)
    (cherry picked from commit 6bc37dcceca823998068167b49aec6def3112397)
    Reviewed-on: https://code.engineering.redhat.com/gerrit/87164
    Tested-by: RHOS Jenkins <apevec+rhosci>
    Reviewed-by: Sahid Ferdjaoui <sahid.ferdjaoui>
    Reviewed-by: Michal Pryc <mpryc>
------------------------------------------------------------------------
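The mitigation the commit message above describes, shown as an added example that is not nova's or oslo.concurrency's code: the qemu-img child is started under an address-space limit (RLIMIT_AS, 1 GiB) and a CPU-time limit (RLIMIT_CPU, 2 s), so a crafted image can at worst fail the qemu-img call instead of exhausting the compute host. The limits are applied with resource.setrlimit() from a preexec_fn hook, the approach named in the reverted commit quoted in the message; oslo.concurrency's 'prlimit' parameter applies the same limits through a small wrapper process instead. The function names run_limited and qemu_img_info, the InvalidDiskInfo exception, the 1 GiB / 2 s defaults and the constructed stand-in workloads are assumptions for this example, not code from the patch.

```python
"""Run qemu-img under address-space and CPU-time rlimits (added example)."""
import resource
import subprocess
import sys

PYTHON = sys.executable
# RLIMIT_AS is enforced on Linux; other platforms may accept but ignore it.
LIMITS_ENFORCED = sys.platform.startswith("linux")


class InvalidDiskInfo(Exception):
    """qemu-img failed, was killed by a limit, or is not installed (assumed name)."""


def _cap(res, soft, hard):
    """Lower resource `res` to (soft, hard) without exceeding the current hard limit."""
    _cur_soft, cur_hard = resource.getrlimit(res)
    if cur_hard != resource.RLIM_INFINITY and cur_hard < hard:
        hard = cur_hard
    resource.setrlimit(res, (min(soft, hard), hard))


def _apply_limits(address_space_bytes, cpu_seconds):
    """Build the preexec_fn hook that sets rlimits in the child between fork and exec."""
    def hook():
        # Beyond the address-space cap, mmap/brk fail with ENOMEM inside the
        # child instead of the host swapping or the OOM killer firing.
        _cap(resource.RLIMIT_AS, address_space_bytes, address_space_bytes)
        # Soft CPU limit delivers SIGXCPU; the hard limit one second later
        # delivers SIGKILL if the child ignored SIGXCPU.
        _cap(resource.RLIMIT_CPU, cpu_seconds, cpu_seconds + 1)
    return hook


def run_limited(cmd, address_space_bytes=1 << 30, cpu_seconds=2, wall_timeout=60):
    """Run cmd with the given rlimits and return a subprocess.CompletedProcess.

    The limits apply only to the child. wall_timeout is a wall-clock backstop
    (raises subprocess.TimeoutExpired) in case the CPU limit is not enforced.
    """
    return subprocess.run(
        cmd,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        preexec_fn=_apply_limits(address_space_bytes, cpu_seconds),
        timeout=wall_timeout,
    )


def qemu_img_info(path):
    """Return the raw 'qemu-img info' output for path, or raise InvalidDiskInfo."""
    try:
        result = run_limited(["qemu-img", "info", path])
    except FileNotFoundError as exc:  # qemu-img not on PATH
        raise InvalidDiskInfo("qemu-img not available: %s" % exc)
    if result.returncode != 0:
        # Negative returncode: the child died from a signal (SIGXCPU/SIGKILL
        # from RLIMIT_CPU). Positive: qemu-img's own error, including ENOMEM
        # after RLIMIT_AS stopped it from mapping a huge image header.
        raise InvalidDiskInfo("qemu-img info %s failed (rc=%d): %s" % (
            path, result.returncode,
            result.stderr.decode(errors="replace").strip()))
    return result.stdout.decode()


if __name__ == "__main__":
    # Constructed workloads standing in for a malicious image: a 1.5 GiB
    # mapping under the 1 GiB cap, and a busy loop under a 1 s CPU cap.
    hog = run_limited([PYTHON, "-c",
                       "import mmap; mmap.mmap(-1, 1536 * 1024 * 1024); print('allocated')"])
    print("1.5 GiB mapping under 1 GiB RLIMIT_AS -> rc", hog.returncode)
    spin = run_limited([PYTHON, "-c", "while True: pass"], cpu_seconds=1)
    print("busy loop under 1 s RLIMIT_CPU -> rc", spin.returncode)
```

preexec_fn runs in the forked child and is documented as unsafe in multithreaded programs, which is one reason to prefer a wrapper process such as oslo.concurrency's prlimit in a service like nova-compute; the rlimits themselves are the same either way.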
*** Bug 1267576 has been marked as a duplicate of this bug. ***