Title: Nova instance migration process does not stop when instance is deleted Reporter: George Shuklin (Webzilla LTD) Products: Nova Affects: versions through 2014.1.4, and 2014.2 versions through 2014.2.3, and version 2015.1.0 Description: George Shuklin from Webzilla LTD reported a vulnerability in Nova migration process. By resizing and deleting an instance repeatedly an authenticated user may overcome his quota and overload Nova compute nodes resulting in a denial of service attack. All Nova setups are affected. This also effects 2015.1.1 (it wasn't released at the original announce date. Reproducible: Always
arches, please stablize the following =dev-python/oslo-concurrency-1.8.2 (needed as the cve makes use of some added functionality) =sys-cluster/nova-2015.1.1-r2
dependency.bad [fatal] 28 sys-cluster/nova/nova-2015.1.1-r2.ebuild: DEPEND: amd64(default/linux/amd64/13.0) [ '>=dev-python/python-ironicclient-0.4.1[python_targets_python2_7(-)?,-python_single_target_python2_7(-)]', '<dev-python/python-ironicclient-0.6.0[python_targets_python2_7(-)?,-python_single_target_python2_7(-)]'] sys-cluster/nova/nova-2015.1.1-r2.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=sys-block/open-iscsi-2.0.872-r3'] Could you update the stable list?
arches, please stablize the following =dev-python/oslo-concurrency-1.8.2 (needed as the cve makes use of some added functionality) =dev-python/python-ironicclient-0.5.1 =sys-block/open-iscsi-2.0.873 =sys-cluster/nova-2015.1.1-r2 think that covers it
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
cleaned up
Vote: NO.
CVE-2015-3241 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3241): OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.
GLSA Vote: No