CVE-2015-3241

Priority
Medium
Description
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier
does not stop the migration process when the instance is deleted, which
allows remote authenticated users to cause a denial of service (disk,
network, and other resource consumption) by resizing and then deleting an
instance.
Notes
 mdeslaur> from announcement: "This fix requires oslo.concurrency >= 1.8.2
 mdeslaur> for Kilo and >= 2.3.0 for Liberty. Juno fix embeds a patched
 mdeslaur> version of oslo.concurrency."
Assigned-to
mdeslaur
Package
Source: nova (LP Ubuntu Debian)
Upstream: released (2014.2.4, 2015.1.2)
Ubuntu 17.10 (Artful Aardvark): not-affected (2:12.0.0-0ubuntu2)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr): released (1:2014.1.5-0ubuntu1.7)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (2:12.0.0-0ubuntu2)
Ubuntu 17.04 (Zesty Zapus): not-affected (2:12.0.0-0ubuntu2)
Patches:
Upstream: https://review.openstack.org/208876 (Juno)
Upstream: https://review.openstack.org/214528 (Juno)
Upstream: https://review.openstack.org/213234 (Kilo)
Upstream: https://review.openstack.org/209856 (Kilo)
Upstream: https://review.openstack.org/194861 (Liberty)
Upstream: https://review.openstack.org/192986 (Liberty)

Updated: 2017-10-11 14:14:40 UTC (commit 13496)