Adds OSSA-2017-006 (CVE-2017-17051)

Change-Id: I6110a60e10afb6cad11ec19156a27362c0c1ec2f Related-Bug: #1732976
2017-12-05 14:55:50 +00:00 · 2017-12-05 14:55:50 +00:00 · e2283a6b9e
parent ab54ce232d
commit e2283a6b9e
1 changed files with 39 additions and 0 deletions
--- a/ossa/OSSA-2017-006.yaml
+++ b/ossa/OSSA-2017-006.yaml
@ -0,0 +1,39 @@
+date: 2017-12-05
+
+id: OSSA-2017-006
+
+title: >
+  Nova FilterScheduler doubles resource allocations during rebuild with new
+  image
+
+description: >
+  Matt Riedemann from Huawei reported a vulnerability in OpenStack Nova's
+  default FilterScheduler. By repeatedly rebuilding an instance with new
+  images, an authenticated user may consume untracked resources on a hypervisor
+  host leading to a denial of service. This regression was introduced with the
+  fix for OSSA-2017-005 (CVE-2017-16239), however, only Nova stable/pike or
+  later deployments with that fix applied and relying on the default
+  FilterScheduler are affected.
+
+affected-products:
+  - product: nova
+    version: "==16.0.3"
+
+vulnerabilities:
+  - cve-id: CVE-2017-17051
+
+reporters:
+  - name: Matt Riedemann
+    affiliation: Huawei
+    reported:
+      - CVE-2017-17051
+
+issues:
+  links:
+    - https://launchpad.net/bugs/1732976
+
+reviews:
+  queens:
+    - https://review.openstack.org/521662
+  pike:
+    - https://review.openstack.org/523214