CVE-2016-7498

Published: 27 September 2016

OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package: nova (Launchpad, Ubuntu, Debian)

Upstream: Released (2:13.1.0-1)
Ubuntu 16.04 LTS (Xenial Xerus): Not vulnerable (2:13.1.1-0ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was not-affected [1:2014.1.5-0ubuntu1.6])

Notes

Author: ratliff
Note: Note from Debian: Relates to OSSA-2015-017 (CVE-2015-3280) which was fixed and reintroduced with 13.0.0 and refixed in 13.1.0.

References