diff options
author | Zuul <zuul@review.openstack.org> | 2017-11-16 17:53:32 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-11-16 17:53:32 +0000 |
commit | db6e1dd0a0fde9846114f02811087640fc84f58c (patch) | |
tree | 2a31e3ac9bf9ceb66ddb230fd8a84ff718ea4505 | |
parent | b85139255a71d6bc717efae6c9490981f1f079af (diff) | |
parent | 698b261a5a2a6c0f31ef5059046ef7196d5cba30 (diff) |
Merge "Add security release note for OSSA-2017-005" into stable/newton14.0.10
-rw-r--r-- | releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml b/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml new file mode 100644 index 0000000..675debe --- /dev/null +++ b/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml | |||
@@ -0,0 +1,13 @@ | |||
1 | --- | ||
2 | security: | ||
3 | - | | ||
4 | `OSSA-2017-005`_: Nova Filter Scheduler bypass through rebuild action | ||
5 | |||
6 | By rebuilding an instance, an authenticated user may be able to circumvent | ||
7 | the FilterScheduler bypassing imposed filters (for example, the | ||
8 | ImagePropertiesFilter or the IsolatedHostsFilter). All setups using the | ||
9 | FilterScheduler (or CachingScheduler) are affected. | ||
10 | |||
11 | The fix is in the `nova-api` and `nova-conductor` services. | ||
12 | |||
13 | .. _OSSA-2017-005: https://security.openstack.org/ossa/OSSA-2017-005.html \ No newline at end of file | ||