Browse Source

Adds OSSA-2016-011 (CVE-2016-7498)

Change-Id: Icf9d11beb1dd5a08269522e009937b7c9672d8f8
Tristan Cacqueray 2 years ago
parent
commit
a6b9eb105e
1 changed files with 45 additions and 0 deletions
  1. 45
    0
      ossa/OSSA-2016-011.yaml

+ 45
- 0
ossa/OSSA-2016-011.yaml View File

@@ -0,0 +1,45 @@
1
+date: 2016-09-21
2
+
3
+id: OSSA-2016-011
4
+
5
+title: 'Nova may fail to delete images in resize state regression'
6
+
7
+description: 'Rajesh Tailor from Red Hat reported a vulnerability in Nova. If an
8
+    authenticated user deletes an instance while it is in resize state, it will
9
+    cause the original instance to not be deleted from the compute node it was
10
+    running on. An attacker can use this to launch a denial of service attack.
11
+    All Nova setups are affected.'
12
+
13
+affected-products:
14
+
15
+  - product: nova
16
+    version: "==13.0.0"
17
+
18
+vulnerabilities:
19
+
20
+  - cve-id: CVE-2016-7498
21
+
22
+reporters:
23
+
24
+  - name: 'Rajesh Tailor'
25
+    affiliation: Red Hat
26
+    reported:
27
+      - CVE-2016-7498
28
+
29
+issues:
30
+  links:
31
+    - https://bugs.launchpad.net/bugs/1589821
32
+
33
+reviews:
34
+  newton:
35
+    - https://review.openstack.org/326262
36
+
37
+  mitaka:
38
+    - https://review.openstack.org/327398
39
+
40
+  type: gerrit
41
+
42
+notes:
43
+  - 'This bug is similar to OSSA-2015-017 (CVE-2015-3280) and was re-introduced
44
+    in the first release of Mitaka version of Nova and it was re-fixed in
45
+    nova-13.1.0.'

Loading…
Cancel
Save