Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
ossa/ossa/OSSA-2015-015.yaml
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
56 lines (38 sloc)
1.3 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| date: 2015-08-25 | |
| id: OSSA-2015-015 | |
| title: 'Nova instance migration process does not stop when instance is deleted' | |
| description: 'George Shuklin from Webzilla LTD reported a vulnerability in Nova | |
| migration process. By resizing and deleting an instance repeatedly an | |
| authenticated user may overcome his quota and overload Nova computes | |
| node resulting in a denial of service attack. All Nova setups are | |
| affected.' | |
| affected-products: | |
| - product: nova | |
| version: versions through 2014.2.3 and 2015.1 versions through 2015.1.1 | |
| vulnerabilities: | |
| - cve-id: CVE-2015-3241 | |
| reporters: | |
| - name: 'George Shuklin' | |
| affiliation: Webzilla LTD | |
| reported: | |
| - CVE-2015-3241 | |
| issues: | |
| links: | |
| - https://launchpad.net/bugs/1387543 | |
| type: launchpad | |
| reviews: | |
| liberty: | |
| - https://review.openstack.org/194861 | |
| - https://review.openstack.org/192986 | |
| kilo: | |
| - https://review.openstack.org/213234 | |
| - https://review.openstack.org/209856 | |
| juno: | |
| - https://review.openstack.org/208876 | |
| - https://review.openstack.org/214528 | |
| type: gerrit | |
| notes: | |
| - 'This fix requires oslo.concurrency >= 1.8.2 for Kilo and >= 2.3.0 for | |
| Liberty. Juno fix embeds a patched version of oslo.concurrency' | |
| - 'This fix will be included in future 2014.2.4 (juno) and 2015.1.2 (kilo) | |
| releases.' |