Adds OSSA-2018-001 (CVE-2017-18191)

Change-Id: I43abe5ca3e14010b578a450bf2fa7bc3839b24b1
Related-Bug: #1739593
Tristan Cacqueray 1 year ago
parent
commit
c5f504bf1d
1 changed files with 43 additions and 0 deletions

ossa/OSSA-2018-001.yaml

@@ -0,0 +1,43 @@
+date: 2018-04-20
+
+id: OSSA-2018-001
+
+title: Raw underlying encrypted volume access
+
+description: >
+  Lee Yarwood (Red Hat) reported a vulnerability in Nova encrypted
+  volumes handling. By detaching and reattaching an encrypted volume
+  an attacker may access the underlying raw volume and corrupt the
+  LUKS header resuling in a denial of service attack on the compute host.
+  All Nova setups supporting encrypted volumes are affected.
+
+affected-products:
+  - product: nova
+    version: ">=15.0.0 <=15.1.0, >=16.0.0 <=16.1.1"
+
+vulnerabilities:
+  - cve-id: CVE-2017-18191
+
+reporters:
+  - name: Lee Yarwood
+    affiliation: Red Hat
+    reported:
+      - CVE-2017-18191
+
+issues:
+  links:
+    - https://launchpad.net/bugs/1739593
+
+reviews:
+  queens:
+    - https://review.openstack.org/460243
+
+  pike:
+    - https://review.openstack.org/543569
+
+  ocata:
+    - https://review.openstack.org/561604
+
+notes:
+  - Pike and Ocata patches disable encrypted volume swapping, this feature
+    is now only supported in Nova version >= 17.0.0.
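
Review bot: The description and the notes entry name different operations: the description says the raw volume is reached "By detaching and reattaching an encrypted volume", while the notes say the Pike and Ocata patches "disable encrypted volume swapping". A deployer reading only the description cannot tell that the backported fix removes the swap feature on those branches, so consider naming the swap operation in the description, or stating in the notes how it relates to the detach/reattach path. Also in the description, "resuling" should be "resulting", and the notes sentence is a comma splice that reads better split into two sentences after "swapping".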