Bug 1383415 - [CVE-2015-5162] oslo.concurrency: Backport support for 'prlimit' parameter [OSP-7]
Summary: [CVE-2015-5162] oslo.concurrency: Backport support for 'prlimit' parameter [O...
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-oslo-concurrency
Version: 7.0 (Kilo)
Hardware: Unspecified
OS: Unspecified
Target Milestone: async
: 7.0 (Kilo)
Assignee: Victor Stinner
QA Contact: Udi Shkalim
Depends On:
Blocks: 1380289 1382552 1382570 1382571 1383421 1384855
TreeView+ depends on / blocked
Reported: 2016-10-10 14:38 UTC by Eric Harney
Modified: 2022-07-09 08:39 UTC (History)
10 users (show)

Fixed In Version: python-oslo-concurrency-1.8.2-2.el7ost
Doc Type: If docs needed, set a value
Doc Text:
qemu-img calls were unrestricted by ulimit. oslo.concurrency has been updated to add support for process limits ('prlimit'), which is needed to fix the CVE-2015-5162 security vulnerability.
Clone Of:
: 1383421 1384855 (view as bug list)
Last Closed: 2017-02-15 22:58:50 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
OpenStack gerrit 327630 0 None None None 2016-10-10 14:39:34 UTC
OpenStack gerrit 332222 0 None None None 2016-10-10 14:38:54 UTC
Red Hat Issue Tracker OSP-16803 0 None None None 2022-07-09 08:39:00 UTC
Red Hat Product Errata RHSA-2017:0282 0 normal SHIPPED_LIVE Moderate: openstack-cinder, openstack-glance, and openstack-nova security update 2017-02-16 03:52:44 UTC

Description Eric Harney 2016-10-10 14:38:54 UTC
Security fixes in Nova, Cinder, and Glance require support for prlimit in oslo.concurrency.

The following changes need to be backported:

d65d931 processutils: add support for missing process limits
e33f64f Add prlimit parameter to execute()

Comment 9 Udi Shkalim 2017-01-01 13:00:08 UTC
Verified on: python-oslo-concurrency-1.8.2-2.el7ost.noarch
Code verified

Comment 11 errata-xmlrpc 2017-02-15 22:58:50 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.