CVE-2016-9185 fix
* CVE-2016-9185_Prevent_template_validate_from_scanning_ports.patch Change-Id: I2f44ea70de2ae19a91fbc4331aa0d9da1785a9ac
This commit is contained in:
parent
fed9f0adf5
commit
3ab0b42ffb
|
@ -1,8 +1,13 @@
|
|||
heat (1:7.0.0-2) UNRELEASED; urgency=medium
|
||||
heat (1:7.0.0-2) unstable; urgency=medium
|
||||
|
||||
[ Ondřej Nový ]
|
||||
* Bumped debhelper compat version to 10
|
||||
|
||||
-- Ondřej Nový <onovy@debian.org> Wed, 23 Nov 2016 23:58:51 +0100
|
||||
[ Thomas Goirand ]
|
||||
* CVE-2016-9185: template source URL allows network port scan: applied
|
||||
upstream patch (Closes: #843232).
|
||||
|
||||
-- Thomas Goirand <zigo@debian.org> Mon, 26 Dec 2016 17:36:59 +0100
|
||||
|
||||
heat (1:7.0.0-1) unstable; urgency=medium
|
||||
|
||||
|
|
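Review bot: The new Thomas Goirand entry in debian/changelog says only "applied upstream patch" and does not say which patch or where it came from. Name the file added under debian/patches (CVE-2016-9185_Prevent_template_validate_from_scanning_ports.patch) or the upstream review it was taken from, so the entry can be matched to the change without opening the patch header.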
48
debian/patches/CVE-2016-9185_Prevent_template_validate_from_scanning_ports.patch
vendored
Normal file
|
@ -0,0 +1,48 @@
|
|||
Author: Daniel Gonzalez <daniel@gonzalez-nothnagel.de>
|
||||
Date: Mon, 17 Oct 2016 08:22:42 +0000 (+0200)
|
||||
Description: CVE-2016-9185: Prevent template validate from scanning ports
|
||||
Prevent template validate from scanning ports
|
||||
.
|
||||
The template validation method in the heat API allows to specify the
|
||||
template to validate using a URL with the 'template_url,' parameter.
|
||||
.
|
||||
By entering invalid http URLs, like 'http://localhost:22' it is
|
||||
possible to scan ports by evaluating the error message of the request.
|
||||
.
|
||||
For example, the request
|
||||
.
|
||||
curl -H "Content-Type: application/json" -H "X-Auth-Token: <TOKEN>" \
|
||||
-X POST -d '{"template_url": "http://localhost:22"}' \
|
||||
http://127.0.0.1:8004/v1/<TENANT_ID>/validate
|
||||
.
|
||||
causes the following error message to be returned to the user:
|
||||
.
|
||||
"Could not retrieve template: Failed to retrieve template:
|
||||
('Connection aborted.',
|
||||
BadStatusLine('SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\\r\\n',))"
|
||||
.
|
||||
This could be misused by tenants to gain knowledge about the internal
|
||||
network the heat API runs in.
|
||||
.
|
||||
To prevent this information leak, this patch alters the error message
|
||||
to not include such details when the url scheme is not 'file'.
|
||||
.
|
||||
SecurityImpact
|
||||
.
|
||||
X-Git-Url: https://review.openstack.org/gitweb?p=openstack%2Fheat.git;a=commitdiff_plain;h=02dfb1a64f8a545a6dfed15245ac54c8ea835b81
|
||||
Bug-Ubuntu: https://bugs.launchpad.net/ossa/+bug/1606500
|
||||
Change-Id: Id1f86f41c1e6c028d889eca7ccbb9cde67631950
|
||||
Origin: uptream, https://review.openstack.org/393147
|
||||
Last-Update: 2016-10-06
|
||||
|
||||
diff --git a/heat/common/urlfetch.py b/heat/common/urlfetch.py
|
||||
index 7efd968..8a7deae 100644
|
||||
--- a/heat/common/urlfetch.py
|
||||
+++ b/heat/common/urlfetch.py
|
||||
@@ -75,4 +75,5 @@ def get(url, allowed_schemes=('http', 'https')):
|
||||
return result
|
||||
|
||||
except exceptions.RequestException as ex:
|
||||
- raise URLFetchError(_('Failed to retrieve template: %s') % ex)
|
||||
+ LOG.info(_LI('Failed to retrieve template: %s') % ex)
|
||||
+ raise URLFetchError(_('Failed to retrieve template from %s') % url)
|
|
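Review bot: In the heat/common/urlfetch.py part of this patch, the added LOG.info(_LI('Failed to retrieve template: %s') % ex) formats the string before the logger sees it and relies on LOG and _LI being in scope, which the visible context lines do not show. Pass the exception as a logger argument, LOG.info(_LI('Failed to retrieve template: %s'), ex), and confirm both names are imported in urlfetch.py, since otherwise the except branch fails with NameError instead of raising URLFetchError. The description says the detail is dropped "when the url scheme is not 'file'", but no scheme check appears in these lines, so it is worth confirming the file case is handled outside this except block. The logged ex text can contain bytes chosen by the remote end (the description's own example shows an SSH banner ending in \r\n), so check that the log handler escapes control characters. In the DEP-3 header, "Origin: uptream," should read "Origin: upstream,".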
@ -1,2 +1,3 @@
|
|||
only-run-tests-in-heat.tests.patch
|
||||
fix-requirements.txt.patch
|
||||
CVE-2016-9185_Prevent_template_validate_from_scanning_ports.patch
|
||||
|
|