CVE-2015-7713

Published: 29 October 2015

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

Priority

Medium

Status

Package Release Status
nova
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(2:12.0.0-0ubuntu2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:2014.1.5-0ubuntu1.7])
Patches:
Upstream: https://review.openstack.org/222026 (Juno)
Upstream: https://review.openstack.org/222023 (Kilo)
Upstream: https://review.openstack.org/222022 (Liberty)