diff options
author | Matt Riedemann <mriedem.os@gmail.com> | 2017-11-14 15:01:52 -0500 |
---|---|---|
committer | Matt Riedemann <mriedem.os@gmail.com> | 2017-11-14 15:49:47 -0500 |
commit | 3f63d057a64b688b66ff1903c1afc4d97ba6df6d (patch) | |
tree | c27ef5bf164d63fcdf0988e02d50f25fbea2efd6 | |
parent | 6b7793b31721c1434662ac2335cb1a7e394cd39c (diff) |
Add security release note for OSSA-2017-00516.0.3
Change-Id: I053f1bbc56481bddce8792aa4b5460a55cc0db2d
Related-Bug: #1664931
(cherry picked from commit 31d28eef95ab82bdfce2221cd5633bcf4bc13653)
Notes
Notes (review):
Code-Review+2: Dan Smith <dms@danplanet.com>
Code-Review+2: Tony Breeds <tony@bakeyournoodle.com>
Workflow+1: Tony Breeds <tony@bakeyournoodle.com>
Verified+2: Zuul
Submitted-by: Zuul
Submitted-at: Tue, 14 Nov 2017 22:20:26 +0000
Reviewed-on: https://review.openstack.org/519752
Project: openstack/nova
Branch: refs/heads/stable/pike
-rw-r--r-- | releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml b/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml new file mode 100644 index 0000000..675debe --- /dev/null +++ b/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml | |||
@@ -0,0 +1,13 @@ | |||
1 | --- | ||
2 | security: | ||
3 | - | | ||
4 | `OSSA-2017-005`_: Nova Filter Scheduler bypass through rebuild action | ||
5 | |||
6 | By rebuilding an instance, an authenticated user may be able to circumvent | ||
7 | the FilterScheduler bypassing imposed filters (for example, the | ||
8 | ImagePropertiesFilter or the IsolatedHostsFilter). All setups using the | ||
9 | FilterScheduler (or CachingScheduler) are affected. | ||
10 | |||
11 | The fix is in the `nova-api` and `nova-conductor` services. | ||
12 | |||
13 | .. _OSSA-2017-005: https://security.openstack.org/ossa/OSSA-2017-005.html \ No newline at end of file | ||