Published: 08 September 2015
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.
Launchpad, Ubuntu, Debian
|Ubuntu 16.04 LTS (Xenial Xerus)||
|Ubuntu 14.04 ESM (Trusty Tahr)||
Does not exist
(trusty was released [1:2014.1.5-0ubuntu1.7])
Upstream: https://review.openstack.org/208876 (Juno)
Upstream: https://review.openstack.org/214528 (Juno)
Upstream: https://review.openstack.org/213234 (Kilo)
Upstream: https://review.openstack.org/209856 (Kilo)
Upstream: https://review.openstack.org/194861 (Liberty)
Upstream: https://review.openstack.org/192986 (Liberty)
from announcement: "This fix requires oslo.concurrency >= 1.8.2 for Kilo and >= 2.3.0 for Liberty. Juno fix embeds a patched version of oslo.concurrency."