CVE-2017-16239

Priority
Description
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through
16.0.2, by rebuilding an instance, an authenticated user may be able to
circumvent the Filter Scheduler bypassing imposed filters (for example, the
ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova
Filter Scheduler are affected. Because of the regression described in
Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10,
a 15.x version after 15.0.8, or a 16.x version after 16.0.3.
Notes
 mdeslaur> regression fix: http://www.openwall.com/lists/oss-security/2017/12/05/4
Package
Source: nova (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2:17.0.0~rc2-0ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (2:17.0.0~rc2-0ubuntu1)
Ubuntu 19.04 (Disco Dingo):not-affected (2:17.0.0~rc2-0ubuntu1)
More Information

Updated: 2019-01-14 21:24:38 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)