CVE-2015-7713

Priority
Medium
Description
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before
2015.1.2 (kilo) do not properly apply security group changes, which allows
remote attackers to bypass intended restriction by leveraging an instance
that was running when the change was made.
References
Bugs
Assigned-to
mdeslaur
Package
Source: nova (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):not-affected (2:12.0.0-0ubuntu2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:2014.1.5-0ubuntu1.7)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2:12.0.0-0ubuntu2)
Ubuntu 17.04 (Zesty Zapus):not-affected (2:12.0.0-0ubuntu2)
Patches:
Upstream:https://review.openstack.org/222026 (Juno)
Upstream:https://review.openstack.org/222023 (Kilo)
Upstream:https://review.openstack.org/222022 (Liberty)
More Information

Updated: 2017-10-11 14:14:42 UTC (commit 13496)