REDHAT-BUG-1269119
First published: Tue Oct 06 2015(Updated: )
Title: Nova network security group changes are not applied to running instances Reporter: Sreekumar S and Suntao Products: Nova Affects: <=2014.2.3, >=2015.1.0, <=2015.1.1 Description: Sreekumar S and Suntao independently reported a vulnerability in Nova network. Security group changes silently fail to be applied to already running instances, potentially resulting in instances not being protected by the security group. All Nova network setups are affected. References: <a href="https://launchpad.net/bugs/1491307">https://launchpad.net/bugs/1491307</a> <a href="https://launchpad.net/bugs/1484738">https://launchpad.net/bugs/1484738</a> <a href="http://seclists.org/oss-sec/2015/q4/41">http://seclists.org/oss-sec/2015/q4/41</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenStack Compute (Nova) | <=2014.2.3>=2015.1.0<=2015.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://launchpad.net/bugs/1491307
- https://launchpad.net/bugs/1484738
- http://seclists.org/oss-sec/2015/q4/41
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1269122
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1269123
- https://review.openstack.org/222026
- https://review.openstack.org/222023
- https://review.openstack.org/222022
- https://access.redhat.com/errata/RHSA-2015:2673
- https://rhn.redhat.com/errata/RHSA-2015-2684.html
- https://rhn.redhat.com/errata/RHSA-2016-0013.html
- https://rhn.redhat.com/errata/RHSA-2016-0017.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1269119
Frequently Asked Questions
What is the severity of REDHAT-BUG-1269119?
The severity of REDHAT-BUG-1269119 is considered to be a medium risk due to security group changes not being applied to running instances.
How do I fix REDHAT-BUG-1269119?
To fix REDHAT-BUG-1269119, upgrade OpenStack Nova to a version later than 2015.1.1 or any version greater than 2014.2.3.
Which versions are affected by REDHAT-BUG-1269119?
REDHAT-BUG-1269119 affects OpenStack Nova versions up to and including 2014.2.3 and versions from 2015.1.0 to 2015.1.1.
What type of vulnerability is REDHAT-BUG-1269119?
REDHAT-BUG-1269119 is categorized as a configuration vulnerability impacting network security group changes.
Who reported REDHAT-BUG-1269119?
REDHAT-BUG-1269119 was reported independently by Sreekumar S and Suntao.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-7713
- agent/source
- agent/references
- agent/description
- agent/severity
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/openstack
- canonical/openstack compute (nova)