Adds OSSA-2017-005 (CVE-2017-16239)

Change-Id: Ib03875ae5b6ad95ceecf00714704ac9676ef32a7 Related-Bug: #1664931
2017-11-14 10:37:44 +00:00 · 2017-11-14 10:37:44 +00:00 · cb43ec5959
parent 6ef2ac429d
commit cb43ec5959
1 changed files with 39 additions and 0 deletions
--- a/ossa/OSSA-2017-005.yaml
+++ b/ossa/OSSA-2017-005.yaml
@ -0,0 +1,39 @@
+date: 2017-11-14
+
+id: OSSA-2017-005
+
+title: Nova Filter Scheduler bypass through rebuild action
+
+description: >
+  George Shuklin from servers.com reported a vulnerability in Nova. By
+  rebuilding an instance, an authenticated user may be able to circumvent the
+  Filter Scheduler bypassing imposed filters (for example, the
+  ImagePropertiesFilter or the IsolatedHostsFilter).
+  All setups using Nova Filter Scheduler are affected.
+
+affected-products:
+  - product: nova
+    version: "<=14.0.9, >=15.0.0 <=15.0.7, >=16.0.0 <=16.0.2"
+
+vulnerabilities:
+  - cve-id: CVE-2017-16239
+
+reporters:
+  - name: George Shuklin
+    affiliation: Servers.com
+    reported:
+      - CVE-2017-16239
+
+issues:
+  links:
+    - https://launchpad.net/bugs/1664931
+
+reviews:
+  queens:
+    - https://review.openstack.org/519662
+  pike:
+    - https://review.openstack.org/519672
+  ocata:
+    - https://review.openstack.org/519681
+  newton:
+    - https://review.openstack.org/519684