
Adds OSSA-2017-006 (CVE-2017-17051)

Change-Id: I6110a60e10afb6cad11ec19156a27362c0c1ec2f
Related-Bug: #1732976
Jeremy Stanley 1 year ago
parent
commit
e2283a6b9e
1 changed files with 39 additions and 0 deletions
ossa/OSSA-2017-006.yaml

@@ -0,0 +1,39 @@
1
+date: 2017-12-05
2
+
3
+id: OSSA-2017-006
4
+
5
+title: >
6
+  Nova FilterScheduler doubles resource allocations during rebuild with new
7
+  image
8
+
9
+description: >
10
+  Matt Riedemann from Huawei reported a vulnerability in OpenStack Nova's
11
+  default FilterScheduler. By repeatedly rebuilding an instance with new
12
+  images, an authenticated user may consume untracked resources on a hypervisor
13
+  host leading to a denial of service. This regression was introduced with the
14
+  fix for OSSA-2017-005 (CVE-2017-16239), however, only Nova stable/pike or
15
+  later deployments with that fix applied and relying on the default
16
+  FilterScheduler are affected.
17
+
18
+affected-products:
19
+  - product: nova
20
+    version: "==16.0.3"
21
+
22
+vulnerabilities:
23
+  - cve-id: CVE-2017-17051
24
+
25
+reporters:
26
+  - name: Matt Riedemann
27
+    affiliation: Huawei
28
+    reported:
29
+      - CVE-2017-17051
30
+
31
+issues:
32
+  links:
33
+    - https://launchpad.net/bugs/1732976
34
+
35
+reviews:
36
+  queens:
37
+    - https://review.openstack.org/521662
38
+  pike:
39
+    - https://review.openstack.org/523214
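
Review bot: The `affected-products` entry pins nova to `version: "==16.0.3"`, while the description says "stable/pike or later deployments with that fix applied" are affected and the `reviews` section carries a queens change alongside the pike one, so a reader or tool keying on the version field alone would not see that anything other than 16.0.3 is in scope. Consider reconciling the two, for example by saying in the description that 16.0.3 is the only affected release and spelling out how queens is covered, or by widening the version expression if more than one release is meant. A smaller style point in the same description: "introduced with the fix for OSSA-2017-005 (CVE-2017-16239), however, only Nova stable/pike or later ..." is a comma splice and would read more clearly as two sentences.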
