blob: 5ef700f4b3d9e343623133aa575d764cfbf78805 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
---
security:
- |
`OSSA-2017-006`_: Nova FilterScheduler doubles resource allocations during
rebuild with new image (CVE-2017-17051)
By repeatedly rebuilding an instance with new images, an authenticated user
may consume untracked resources on a hypervisor host leading to a denial of
service. This regression was introduced with the fix for `OSSA-2017-005`_
(CVE-2017-16239), however, only Nova stable/pike or later deployments with
that fix applied and relying on the default FilterScheduler are affected.
The fix is in the `nova-api` and `nova-scheduler` services.
.. note:: The fix for errata in `OSSA-2017-005`_ (CVE-2017-16239) will
need to be applied in addition to this fix.
.. _OSSA-2017-006: https://security.openstack.org/ossa/OSSA-2017-006.html
|
