oss-sec mailing list archives
OpenStack Ironic does not honor clean steps (CVE-2015-7514)
From: Devananda van der Veen <devananda.vdv () gmail com>
Date: Thu, 3 Dec 2015 08:26:42 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================
OpenStack Ironic does not honor clean steps
===========================================

:Date: December 03, 2015
:CVE: CVE-2015-7514

Affects
~~~~~~~
- - Ironic: >= 4.2.0, <= 4.2.1

Description
~~~~~~~~~~~
Brad Morgan from Rackspace reported a vulnerability in Ironic. To
prevent user data leak, Ironic is expected to "clean" a server after
use, however that is transparently not happening. Previous tenant's
data may be left behind on the disk and may be available to new users.
All Ironic setups are affected.

Patches
~~~~~~~
- - https://review.openstack.org/#/c/253001 (Liberty)
- - https://review.openstack.org/#/c/252993 (Mitaka)

Credits
~~~~~~~
- - Brad Morgan from Rackspace (CVE-2015-7514)

References
~~~~~~~~~~
- - https://bugs.launchpad.net/bugs/1517277
- - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7514

Notes
~~~~~
- - This fix will be included in a future 4.2.2 release.
- - This fix will be included in a future 4.3 release.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlZgbUIACgkQhFvuBniJg6cbxwCgl9eepjJWbkWXsZsPDjhN/bDR
rCkAoOLlZYGgItR7LirG4u6uvDaljOby
=rXfP
-----END PGP SIGNATURE-----