Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2016:0017
HistoryJan 10, 2016 - 11:07 p.m.

(RHSA-2016:0017) Important: openstack-nova security advisory

2016-01-1023:07:38
access.redhat.com
17

EPSS

0.005

Percentile

77.2%

JSON

OpenStack Compute (nova) launches and schedules large networks of virtual
machines, creating a redundant and scalable cloud computing platform.
Compute provides the software, control panels, and APIs required to
orchestrate a cloud, including running virtual machine instances and
controlling access through users and projects.

A flaw was discovered in the OpenStack Compute (nova) snapshot feature when
using the libvirt driver. A compute user could overwrite an attached
instance disk with a malicious header specifying a backing file, and then
request a snapshot, causing a file from the compute host to be leaked. This
flaw only affects LVM or Ceph setups, or setups using filesystem storage
with “use_cow_images = False”. (CVE-2015-7548)

A vulnerability was discovered in the way OpenStack Compute (nova)
networking handled security group updates; changes were not applied to
already running VM instances. A remote attacker could use this flaw to
access running VM instances. (CVE-2015-7713)

The CVE-2015-7548 issue was discovered by Matthew Booth of Red Hat
OpenStack Engineering.

All openstack-nova users are advised to upgrade to these updated packages,
which correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHat6srcopenstack-nova< 2014.1.5-16.el6ostopenstack-nova-2014.1.5-16.el6ost.src.rpm
RedHat6noarchopenstack-nova-common< 2014.1.5-16.el6ostopenstack-nova-common-2014.1.5-16.el6ost.noarch.rpm
RedHat6noarchopenstack-nova-compute< 2014.1.5-16.el6ostopenstack-nova-compute-2014.1.5-16.el6ost.noarch.rpm
RedHat6noarchopenstack-nova-scheduler< 2014.1.5-16.el6ostopenstack-nova-scheduler-2014.1.5-16.el6ost.noarch.rpm
RedHat6noarchopenstack-nova-novncproxy< 2014.1.5-16.el6ostopenstack-nova-novncproxy-2014.1.5-16.el6ost.noarch.rpm
RedHat6noarchpython-nova< 2014.1.5-16.el6ostpython-nova-2014.1.5-16.el6ost.noarch.rpm
RedHat6noarchopenstack-nova-console< 2014.1.5-16.el6ostopenstack-nova-console-2014.1.5-16.el6ost.noarch.rpm
RedHat6noarchopenstack-nova-network< 2014.1.5-16.el6ostopenstack-nova-network-2014.1.5-16.el6ost.noarch.rpm
RedHat6noarchopenstack-nova-api< 2014.1.5-16.el6ostopenstack-nova-api-2014.1.5-16.el6ost.noarch.rpm
RedHat6noarchopenstack-nova< 2014.1.5-16.el6ostopenstack-nova-2014.1.5-16.el6ost.noarch.rpm
Rows per page:
1-10 of 161

Related

redhat 4
debiancve 2
veracode 2
osv 1
prion 2
ubuntucve 2
nvd 2
cve 2
github 1
cvelist 2
ibm 5
nessus 1
ubuntu 1
openvas 1
redhat
redhat
(RHSA-2015:2684) Moderate: openstack-nova secuity and bug fix advisory
2015-12-21 18:32:35
(RHSA-2015:2673) Moderate: openstack-nova security and bug fix advisory
2015-12-21 16:34:22
(RHSA-2016:0013) Moderate: openstack-nova security and bug fix advisory
2016-01-07 20:40:48
debiancve
debiancve
CVE-2015-7713
2015-10-29 20:59:09
CVE-2015-7548
2016-01-12 19:59:06
veracode
veracode
Authorization Bypass
2019-01-15 09:09:20
Arbitrary File Read
2019-01-15 09:09:37
osv
osv
OpenStack Compute (Nova) allows remote attackers to bypass intended restriction
2022-05-14 01:58:45
prion
prion
Design/Logic Flaw
2015-10-29 20:59:00
Stack overflow
2016-01-12 19:59:00
ubuntucve
ubuntucve
CVE-2015-7713
2015-10-29 00:00:00
CVE-2015-7548
2016-01-12 00:00:00
nvd
nvd
CVE-2015-7713
2015-10-29 20:59:09
CVE-2015-7548
2016-01-12 19:59:06
cve
cve
CVE-2015-7713
2015-10-29 20:59:09
CVE-2015-7548
2016-01-12 19:59:06
github
github
OpenStack Compute (Nova) allows remote attackers to bypass intended restriction
2022-05-14 01:58:45
cvelist
cvelist
CVE-2015-7713
2015-10-29 20:00:00
CVE-2015-7548
2016-01-12 19:00:00
ibm
ibm
Security Bulletin: OpenStack vulnerabilities affect IBM Cloud Manager with Openstack (CVE-2015-7713, CVE-2015-5286)
2018-08-08 04:13:55
Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry (CVE-2015-7713, CVE-2015-5286)
2020-07-19 00:49:12
Security Bulletin: IBM PowerVC is impacted by OpenStack Nova information disclosure vulnerabilities (CVE-2015-1850, CVE-2015-7548)
2018-06-17 23:50:48
nessus
nessus
Ubuntu 14.04 LTS : OpenStack Nova vulnerabilities (USN-3449-1)
2017-10-12 00:00:00
ubuntu
ubuntu
OpenStack Nova vulnerabilities
2017-10-11 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3449-1)
2017-10-12 00:00:00

EPSS

0.005

Percentile

77.2%

JSON
Related for RHSA-2016:0017
redhat4debiancve2veracode2osv1prion2ubuntucve2nvd2cve2github1cvelist2ibm5nessus1ubuntu1openvas1