Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 559376 (CVE-2015-3280) - <sys-cluster/nova-2015.1.1-r3 - Nova may fail to delete images in resize state (CVE-2015-3280)
Summary: <sys-cluster/nova-2015.1.1-r3 - Nova may fail to delete images in resize stat...
Status: RESOLVED FIXED
Alias: CVE-2015-3280
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://bugs.launchpad.net/nova/+bug/...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-09-02 03:21 UTC by Matthew Thode ( prometheanfire )
Modified: 2016-02-25 08:43 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2015-09-02 03:21:15 UTC 
Title: Nova may fail to delete images in resize state
Reporter: George Shuklin (Webzilla LTD) and
          Tushar Patil (NTT DATA, Inc)
Products: Nova
Affects: 2014.2 versions through 2014.2.3, and
         2015.1 versions through 2015.1.1

Description:
George Shuklin from Webzilla LTD and Tushar Patil from NTT DATA, Inc
independently reported a vulnerability in Nova resize state. If an
authenticated user deletes an instance while it is in resize state,
it will cause the original instance to not be deleted from the
compute node it was running on. An attacker can use this to launch a
denial of service attack. All Nova setups are affected.

Reproducible: Always
Comment 1 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2015-09-02 03:23:23 UTC 
arches, please stabilize the following

=sys-cluster/nova-2015.1.1-r3
Comment 2 Agostino Sarubbo gentoo-dev 2015-09-03 08:24:34 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2015-09-03 08:26:15 UTC 
x86 stable.

Maintainer(s), please cleanup.
Comment 4 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2015-09-03 14:28:56 UTC 
cleaned up
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2015-12-31 03:16:50 UTC 
Arches and Maintainer(s), Thank you for your work.
GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).