Candidate: CVE-2017-16239
CRD: 2017-11-14 15:00:00 UTC
PublicDate: 2017-11-14 17:29:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239
 https://security.openstack.org/ossa/OSSA-2017-005.html
Description:
 In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through
 16.0.2, by rebuilding an instance, an authenticated user may be able to
 circumvent the Filter Scheduler bypassing imposed filters (for example, the
 ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova
 Filter Scheduler are affected. Because of the regression described in
 Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10,
 a 15.x version after 15.0.8, or a 16.x version after 16.0.3.
Ubuntu-Description: 
Notes: 
 mdeslaur> regression fix: http://www.openwall.com/lists/oss-security/2017/12/05/4
 mdeslaur> This issue is too intrusive to be backported to xenial, we will
 mdeslaur> not be issuing an update for this. Marking as ignored.
Bugs: 
 https://launchpad.net/bugs/1664931
Priority: low
Discovered-by: George Shuklin
Assigned-to: 
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N [6.5 MEDIUM]

Patches_nova:
upstream_nova: needs-triage
precise/esm_nova: DNE
trusty_nova: not-affected (code not present)
trusty/esm_nova: DNE (trusty was not-affected [code not present])
xenial_nova: ignored
esm-infra/xenial_nova: ignored
zesty_nova: ignored (reached end-of-life)
artful_nova: not-affected (16.0.3-0ubuntu1)
bionic_nova: not-affected (2:17.0.0~rc2-0ubuntu1)
cosmic_nova: not-affected (2:17.0.0~rc2-0ubuntu1)
devel_nova: not-affected (2:17.0.0~rc2-0ubuntu1)