oss-sec mailing list archives
Re: CVE request for vulnerability in OpenStack Nova
From: cve-assign () mitre org
Date: Tue, 6 Oct 2015 01:41:51 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Title: Nova network security group changes are not applied to running
instances
https://launchpad.net/bugs/1491307
https://launchpad.net/bugs/1484738
https://bugs.launchpad.net/nova/+bug/1491307/comments/5 The db instance dict doesn't have the keys in 'metas' because in trigger_rules_refresh() the sec groups are got from db by joining on the instances column, but it doesn't join on the metadata/system_metadata fields. This again causes 'KeyError' because when db instance dict is converted to the Instance object, it expects fields that aren't in the dict.
https://bugs.launchpad.net/nova/+bug/1484738/comments/20 the instance passed to refresh_instance_security_rules comes from the call to get the security group(s) which joins on the instances column, but that doesn't join on the metadata/system_metadata fields for the instances. So when the instances get to object_compat in the compute manager and the db instance dict is converted to the Instance object, it expects fields that aren't in the dict and we get the KeyError.
Use CVE-2015-7713. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWE16qAAoJEL54rhJi8gl5cQoP/R0rm6Y1GsnrrsjiNu7P++Gb D65ez/8UbNQbppouKIrcjULGtFYHn5CRc2nkrEFDTB9pbuQk6ghFjj3SJqn44mwb YsUxxly1S2UGKXrbmxX6nOR3DkqwvQSFb8FvmxqnwgdPLKAlsXffCkLOtzIEGGGI 6jWwOrSDPj6BbANNUJ3/SyYHKPowMPVwGZvWbWZbLVm8JvoVvrausJqa/hG3O+DJ tmHlSZTEB5127tUG5abcf6MuCZDOCO1HiNbT1F3JXf4A/LL3VPMjKCN3TL0NYvce UhnbGpFoIWB8Eqly5Uz6tAlMi7podtPQ3IWbvlJJ1ogX6FjO11mhMSasRwsr4bW5 fAOPFRQy9m7xv6FT/WnR8pdRmv0GhE4WbCD1FtzaSc+9yv/9YGPvobBG6EsBFSpr tnWBLCdZv3fTHfq6oHV/hnftU58QEFYk722UF3e3famuknaHayUx3gfDJxbUIVp4 4mybiLCebrWd/IaDk1QdKMrn25G03T7II+wxmT0YJswAOC6/Y29sfYMpB0pJe+YX LtKN6X0rFyt/Cdlmrp5bTlSnLQsTsKwsgEjbnubgo/5bs0DB9PRPvYfdhqa2PObJ LFSW+zSPzmZNyQb9m9Q1Ke5ieEpySsXnPBKnhKyhTLjc1T/jbhzCcVtimH8R+18n SHKld5vgqyyXvA9nIQV7 =Rpze -----END PGP SIGNATURE-----
Current thread:
- CVE request for vulnerability in OpenStack Nova Tristan Cacqueray (Oct 05)
- Re: CVE request for vulnerability in OpenStack Nova cve-assign (Oct 05)