From e2283a6b9e16cf055d73115f8a8349168d8cb732 Mon Sep 17 00:00:00 2001
From: Jeremy Stanley <fungi@yuggoth.org>
Date: Tue, 5 Dec 2017 14:55:50 +0000
Subject: [PATCH] Adds OSSA-2017-006 (CVE-2017-17051)

Change-Id: I6110a60e10afb6cad11ec19156a27362c0c1ec2f
Related-Bug: #1732976
---
 ossa/OSSA-2017-006.yaml | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 ossa/OSSA-2017-006.yaml

diff --git a/ossa/OSSA-2017-006.yaml b/ossa/OSSA-2017-006.yaml
new file mode 100644
index 0000000..0b3a5e9
--- /dev/null
+++ b/ossa/OSSA-2017-006.yaml
@@ -0,0 +1,39 @@
+date: 2017-12-05
+
+id: OSSA-2017-006
+
+title: >
+  Nova FilterScheduler doubles resource allocations during rebuild with new
+  image
+
+description: >
+  Matt Riedemann from Huawei reported a vulnerability in OpenStack Nova's
+  default FilterScheduler. By repeatedly rebuilding an instance with new
+  images, an authenticated user may consume untracked resources on a hypervisor
+  host leading to a denial of service. This regression was introduced with the
+  fix for OSSA-2017-005 (CVE-2017-16239), however, only Nova stable/pike or
+  later deployments with that fix applied and relying on the default
+  FilterScheduler are affected.
+
+affected-products:
+  - product: nova
+    version: "==16.0.3"
+
+vulnerabilities:
+  - cve-id: CVE-2017-17051
+
+reporters:
+  - name: Matt Riedemann
+    affiliation: Huawei
+    reported:
+      - CVE-2017-17051
+
+issues:
+  links:
+    - https://launchpad.net/bugs/1732976
+
+reviews:
+  queens:
+    - https://review.openstack.org/521662
+  pike:
+    - https://review.openstack.org/523214