Bugzilla – Bug 961741
VUL-0: CVE-2015-5295: openstack-heat: denial of service through template-validate
Last modified: 2017-08-15 12:03:55 UTC
Created attachment 661644
Patches

Title: Heat denial of service through template-validate
Reporter: Steven Hardy (Red Hat)
Products: Heat
Affects: <=2015.1.2, ==5.0.0

Description:
Steven Hardy from Red Hat reported a vulnerability in Heat template validation. By referencing a local file like /dev/zero, an authenticated user may trick the heat engine service to load arbitrary local file content resulting in a Denial of Service attack through memory exhaustion. Note that the file content is not written back to the user, though the user can determine if a file exists and if it is readable by heat-engine. All Heat setups are affected.

Proposed patch:
See attached patches. Unless a flaw is discovered in them, these patches will be merged to master, stable/liberty and stable/kilo on the public disclosure date.

CVE: CVE-2015-5295
CRD: 2016-01-19 1500 UTC
bugbot adjusting priority
public
Upstream bug is tracked at https://bugs.launchpad.net/heat/+bug/1496277 and fixes are at https://review.openstack.org/#/q/I845e7d23c73242a4a4c9c40599690ab705c75caa ("Load template files only from their known source").
I added bnc+CVE refs to our Liberty and Kilo packages.
Bernhard: what about Cloud 5 / Juno?
fixed in current cloud products
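The flaw class described in the advisory above (a user-supplied template reference resolving to a local file such as /dev/zero and being read without limit), shown as an added defensive sketch; this is not the upstream Heat patch or Heat code. The function name, the two source labels, the scheme policy and the size cap are all assumptions made for the illustration.

```python
import urllib.parse
import urllib.request

# Assumed policy: URL schemes permitted per origin of the template reference.
ALLOWED_SCHEMES = {
    "api_request": {"http", "https"},              # sent by an authenticated user
    "operator_config": {"http", "https", "file"},  # configured on the engine host
}
MAX_TEMPLATE_BYTES = 512 * 1024  # constructed limit, not a Heat setting


class TemplateFetchError(Exception):
    """Raised for any rejected or failed template fetch."""


def fetch_template(url, source, max_bytes=MAX_TEMPLATE_BYTES):
    """Return the template bytes for `url`, or raise TemplateFetchError."""
    scheme = urllib.parse.urlsplit(url).scheme.lower()
    # Local files are only readable when the reference came from a known,
    # trusted source; an API caller can never name file:///dev/zero.
    if scheme not in ALLOWED_SCHEMES.get(source, set()):
        raise TemplateFetchError(f"scheme {scheme!r} not allowed for {source}")
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            # Read one byte past the cap: an endless stream is detected after
            # max_bytes + 1 bytes instead of being buffered until memory runs out.
            data = resp.read(max_bytes + 1)
    except OSError as exc:
        # One uniform message, so errors do not reveal whether a path exists
        # or is readable by the service account.
        raise TemplateFetchError("could not fetch template") from exc
    if len(data) > max_bytes:
        raise TemplateFetchError(f"template exceeds {max_bytes} bytes")
    return data


if __name__ == "__main__":
    for src in ("api_request", "operator_config"):
        try:
            fetch_template("file:///dev/zero", src, max_bytes=1024)
        except TemplateFetchError as err:
            print(f"{src}: rejected ({err})")
```
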