Merge "Add security release note for OSSA-2017-005" into stable/newton14.0.10

author: Zuul <zuul@review.openstack.org> 2017-11-16 17:53:32 +0000
committer: Gerrit Code Review <review@openstack.org> 2017-11-16 17:53:32 +0000
commit: db6e1dd0a0fde9846114f02811087640fc84f58c (patch)
tree: 2a31e3ac9bf9ceb66ddb230fd8a84ff718ea4505
parent: b85139255a71d6bc717efae6c9490981f1f079af (diff)
parent: 698b261a5a2a6c0f31ef5059046ef7196d5cba30 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml b/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml
new file mode 100644
index 0000000..675debe
--- /dev/null
+++ b/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml
@@ -0,0 +1,13 @@
+---
+security:
+  - |
+    `OSSA-2017-005`_: Nova Filter Scheduler bypass through rebuild action
+    By rebuilding an instance, an authenticated user may be able to circumvent
+    the FilterScheduler bypassing imposed filters (for example, the
+    ImagePropertiesFilter or the IsolatedHostsFilter). All setups using the
+    FilterScheduler (or CachingScheduler) are affected.
+    The fix is in the `nova-api` and `nova-conductor` services.
+    .. _OSSA-2017-005: https://security.openstack.org/ossa/OSSA-2017-005.html
+\ No newline at end of file
author	Zuul <zuul@review.openstack.org>	2017-11-16 17:53:32 +0000
committer	Gerrit Code Review <review@openstack.org>	2017-11-16 17:53:32 +0000
commit	db6e1dd0a0fde9846114f02811087640fc84f58c (patch)
tree	2a31e3ac9bf9ceb66ddb230fd8a84ff718ea4505
parent	b85139255a71d6bc717efae6c9490981f1f079af (diff)
parent	698b261a5a2a6c0f31ef5059046ef7196d5cba30 (diff)

diff --git a/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml b/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml new file mode 100644 index 0000000..675debe --- /dev/null +++ b/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml
@@ -0,0 +1,13 @@
	1	---
	2	security:
	3	- \|
	4	`OSSA-2017-005`_: Nova Filter Scheduler bypass through rebuild action
	5
	6	By rebuilding an instance, an authenticated user may be able to circumvent
	7	the FilterScheduler bypassing imposed filters (for example, the
	8	ImagePropertiesFilter or the IsolatedHostsFilter). All setups using the
	9	FilterScheduler (or CachingScheduler) are affected.
	10
	11	The fix is in the `nova-api` and `nova-conductor` services.
	12
	13	.. _OSSA-2017-005: https://security.openstack.org/ossa/OSSA-2017-005.html \ No newline at end of file