Your message dated Thu, 07 Dec 2017 09:19:22 +0000
with message-id <e1emskw-00042x...@fasolo.debian.org>
and subject line Bug#883621: fixed in nova 2:16.0.3-6
has caused the Debian Bug report #883621,
regarding nova: CVE-2017-17051: Nova FilterScheduler doubles resource
allocations during rebuild with new image
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
883621: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883621
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nova
Version: 2:16.0.3-1
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for nova.
CVE-2017-17051[0]:
| An issue was discovered in the default FilterScheduler in OpenStack
| Nova 16.0.3. By repeatedly rebuilding an instance with new images, an
| authenticated user may consume untracked resources on a hypervisor host
| leading to a denial of service, aka doubled resource allocations. This
| regression was introduced with the fix for OSSA-2017-005
| (CVE-2017-16239); however, only Nova stable/pike or later deployments
| with that fix applied and relying on the default FilterScheduler are
| affected.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-17051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17051
[1] http://www.openwall.com/lists/oss-security/2017/12/05/5
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nova
Source-Version: 2:16.0.3-6
We believe that the bug you reported is fixed in the latest version of
nova, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 883...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated nova package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 07 Dec 2017 09:29:15 +0100
Source: nova
Binary: nova-api nova-cells nova-common nova-compute nova-compute-ironic
nova-compute-kvm nova-compute-lxc nova-compute-qemu nova-conductor nova-console
nova-consoleauth nova-consoleproxy nova-doc nova-placement-api nova-scheduler
nova-volume python-nova
Architecture: source all
Version: 2:16.0.3-6
Distribution: unstable
Urgency: high
Maintainer: Debian OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
nova-api - OpenStack Compute - compute API frontend
nova-cells - Openstack Compute - cells
nova-common - OpenStack Compute - common files
nova-compute - OpenStack Compute - compute node
nova-compute-ironic - OpenStack Compute - compute node (Ironic)
nova-compute-kvm - OpenStack Compute - compute node (KVM)
nova-compute-lxc - OpenStack Compute - compute node (LXC)
nova-compute-qemu - OpenStack Compute - compute node (QEmu)
nova-conductor - OpenStack Compute - conductor service
nova-console - OpenStack Compute - console
nova-consoleauth - OpenStack Compute - Console Authenticator
nova-consoleproxy - OpenStack Compute - NoVNC proxy
nova-doc - OpenStack Compute - documentation
nova-placement-api - OpenStack compute - placement API
nova-scheduler - OpenStack Compute - virtual machine scheduler
nova-volume - OpenStack Compute - storage metapackage
python-nova - OpenStack Compute - libraries
Closes: 883621
Changes:
nova (2:16.0.3-6) unstable; urgency=high
.
* CVE-2017-17051 / OSSA-2017-006: Nova FilterScheduler doubles resource
allocations during rebuild with new image. Applied upstream patch: Fix
doubling allocations on rebuild (Closes: 883621).
Note: previous upload was in fact only refining the patch for addressing
CVE-2017-16239, not CVE-2017-17051. This upload really fixes the bug for
CVE-2017-17051.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---