19 lines
817 B
YAML
19 lines
817 B
YAML
---
|
|
security:
|
|
- |
|
|
`OSSA-2017-006`_: Nova FilterScheduler doubles resource allocations during
|
|
rebuild with new image (CVE-2017-17051)
|
|
|
|
By repeatedly rebuilding an instance with new images, an authenticated user
|
|
may consume untracked resources on a hypervisor host leading to a denial of
|
|
service. This regression was introduced with the fix for `OSSA-2017-005`_
|
|
(CVE-2017-16239), however, only Nova stable/pike or later deployments with
|
|
that fix applied and relying on the default FilterScheduler are affected.
|
|
|
|
The fix is in the `nova-api` and `nova-scheduler` services.
|
|
|
|
.. note:: The fix for errata in `OSSA-2017-005`_ (CVE-2017-16239) will
|
|
need to be applied in addition to this fix.
|
|
|
|
.. _OSSA-2017-006: https://security.openstack.org/ossa/OSSA-2017-006.html
|