Summary: | <sys-cluster/nova-2015.1.1-r2: DoS (CVE-2015-3241) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Matthew Thode ( prometheanfire ) <prometheanfire> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://launchpad.net/bugs/1387543 | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Matthew Thode ( prometheanfire )
2015-08-18 22:35:52 UTC
arches, please stablize the following =dev-python/oslo-concurrency-1.8.2 (needed as the cve makes use of some added functionality) =sys-cluster/nova-2015.1.1-r2 dependency.bad [fatal] 28 sys-cluster/nova/nova-2015.1.1-r2.ebuild: DEPEND: amd64(default/linux/amd64/13.0) [ '>=dev-python/python-ironicclient-0.4.1[python_targets_python2_7(-)?,-python_single_target_python2_7(-)]', '<dev-python/python-ironicclient-0.6.0[python_targets_python2_7(-)?,-python_single_target_python2_7(-)]'] sys-cluster/nova/nova-2015.1.1-r2.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=sys-block/open-iscsi-2.0.872-r3'] Could you update the stable list? arches, please stablize the following =dev-python/oslo-concurrency-1.8.2 (needed as the cve makes use of some added functionality) =dev-python/python-ironicclient-0.5.1 =sys-block/open-iscsi-2.0.873 =sys-cluster/nova-2015.1.1-r2 think that covers it amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. cleaned up Vote: NO. CVE-2015-3241 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3241): OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance. GLSA Vote: No |