Bugzilla – Bug 903013
VUL-0: CVE-2014-3708: openstack-nova: Nova network denial of service through API filtering
Last modified: 2015-02-19 03:09:37 UTC
rh#1154951 References: https://bugzilla.redhat.com/show_bug.cgi?id=1154951 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3708 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708
bugbot adjusting priority
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2014-11-27. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/59645
https://review.openstack.org/#/q/I455f6ab4acdecacc5152b11a183027f933dc4475,n,z https://bugs.launchpad.net/nova/+bug/1358583
AFAICS the fix is already in our package since October 30th. (It was just lacking a bug id :/): This from the openstack-nova package in SUSE:SLE-11-SP3:Update:Cloud4:Test:Update:Test : ------------------------------------------------------------------- Thu Oct 30 06:42:12 UTC 2014 - cloud-devel@suse.de - Update to version nova-2014.1.4.dev37.g27d624f: * Fixes DOS issue in instance list ip filter ------------------------------------------------------------------- Which just got approve by QA some 30 minutes ago. So I guess there is no need to resubmit this, is there?
(In reply to Ralf Haferkamp from comment #7) No, if it is in there then we can assign the bug to us and we take it from here. Everything should be that easy to fix ;)
Update released. Resolved fixed.
SUSE-SU-2015:0324-1: An update that solves 5 vulnerabilities and has two fixes is now available. Category: security (low) Bug References: 867922,897815,898371,899190,899199,901087,903013 CVE References: CVE-2014-3608,CVE-2014-3708,CVE-2014-7230,CVE-2014-7231,CVE-2014-8750 Sources used: SUSE Cloud 4 (src): openstack-nova-2014.1.4.dev49-0.7.1, openstack-nova-doc-2014.1.4.dev49-0.7.1