CVE-2015-3280

Published: 26 October 2015

OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.

Priority

Medium

Status

Package Release Status
nova
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(2:12.0.0-0ubuntu2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:2014.1.5-0ubuntu1.7])
Patches:
Upstream: https://review.openstack.org/219301 (Juno)
Upstream: https://review.openstack.org/219300 (Kilo)
Upstream: https://review.openstack.org/219299 (Liberty)