CVE-2014-7230

Priority
Description
The processutils.execute function in OpenStack oslo-incubator, Cinder,
Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local
users to obtain passwords from commands that cause a ProcessExecutionError
by reading the log.
Notes
 jdstrand> nova/utils.py on Essex, but it only logs it with debug logging
  enabled. Reducing the priority for nova on 12.04 LTS.
Package
Upstream:released (2013.2.4, 2014.1.3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE (trusty was released [1:2014.1.3-0ubuntu1])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1:2014.2~rc2-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1:2014.2~rc2-0ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (1:2014.2~rc2-0ubuntu1)
Ubuntu 19.04 (Disco Dingo):not-affected (1:2014.2~rc2-0ubuntu1)
Ubuntu 19.10 (Eoan):not-affected (1:2014.2~rc2-0ubuntu1)
Patches:
Upstream:https://review.openstack.org/#/c/126052/ (juno)
Upstream:https://review.openstack.org/#/c/121382/ (icehouse)
Upstream:https://review.openstack.org/#/c/121095/ (havana)
Package
Source: nova (LP Ubuntu Debian)
Upstream:released (2013.2.4, 2014.1.3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored)
Trusty/esm:DNE (trusty was released [1:2014.1.3-0ubuntu1])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1:2014.2~rc2-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1:2014.2~rc2-0ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (1:2014.2~rc2-0ubuntu1)
Ubuntu 19.04 (Disco Dingo):not-affected (1:2014.2~rc2-0ubuntu1)
Ubuntu 19.10 (Eoan):not-affected (1:2014.2~rc2-0ubuntu1)
Patches:
Upstream:https://review.openstack.org/#/c/126047/ (juno)
Upstream:https://review.openstack.org/#/c/121383/ (icehouse)
Upstream:https://review.openstack.org/#/c/121096/ (havana)
Package
Source: trove (LP Ubuntu Debian)
Upstream:released (2013.2.4, 2014.1.3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Trusty/esm:DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 18.10 (Cosmic Cuttlefish):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
Patches:
Upstream:https://review.openstack.org/#/c/121417/ (juno)
Upstream:https://review.openstack.org/#/c/121416/ (icehouse)
More Information

Updated: 2019-04-26 14:14:59 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)