oss-sec mailing list archives
CVE request for vulnerability in OpenStack Nova
From: Tristan Cacqueray <tdecacqu () redhat com>
Date: Mon, 5 Oct 2015 18:20:39 +0000
A vulnerability was discovered in OpenStack (see below). In order to ensure full traceability, we need a CVE number assigned that we can attach to further notifications. This issue is already public, although an advisory was not sent yet. Title: Nova network security group changes are not applied to running instances Reporter: Sreekumar S and Suntao Products: Nova Affects: <=2014.2.3, >=2015.1.0, <=2015.1.1 Description: Sreekumar S and Suntao independently reported a vulnerability in Nova network. Security group changes silently fail to be applied to already running instances, potentially resulting in instances not being protected by the security group. All Nova network setups are affected. References: https://launchpad.net/bugs/1491307 https://launchpad.net/bugs/1484738 Thanks in advance, -- Tristan Cacqueray OpenStack Vulnerability Management Team
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE request for vulnerability in OpenStack Nova Tristan Cacqueray (Oct 05)
- Re: CVE request for vulnerability in OpenStack Nova cve-assign (Oct 05)