CVE-2017-16239 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-16239 Interim 1 7 2022-10-06T00:53:32Z current 2021-05-30T14:03:59Z 2022-10-06T00:53:32Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-16239 In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2017-November/003412.html E-Mail link for SUSE-SU-2017:3080-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE OpenStack Cloud 7 openstack-nova-14.0.10~dev13-4.11.1 openstack-nova-api-14.0.10~dev13-4.11.1 openstack-nova-cells-14.0.10~dev13-4.11.1 openstack-nova-cert-14.0.10~dev13-4.11.1 openstack-nova-compute-14.0.10~dev13-4.11.1 openstack-nova-conductor-14.0.10~dev13-4.11.1 openstack-nova-console-14.0.10~dev13-4.11.1 openstack-nova-consoleauth-14.0.10~dev13-4.11.1 openstack-nova-doc-14.0.10~dev13-4.11.3 openstack-nova-novncproxy-14.0.10~dev13-4.11.1 openstack-nova-placement-api-14.0.10~dev13-4.11.1 openstack-nova-scheduler-14.0.10~dev13-4.11.1 openstack-nova-serialproxy-14.0.10~dev13-4.11.1 openstack-nova-vncproxy-14.0.10~dev13-4.11.1 python-nova-14.0.10~dev13-4.11.1 openstack-nova-14.0.10~dev13-4.11.1 as a component of SUSE OpenStack Cloud 7 openstack-nova-api-14.0.10~dev13-4.11.1 as a component of SUSE OpenStack Cloud 7 openstack-nova-cells-14.0.10~dev13-4.11.1 as a component of SUSE OpenStack Cloud 7 openstack-nova-cert-14.0.10~dev13-4.11.1 as a component of SUSE OpenStack Cloud 7 openstack-nova-compute-14.0.10~dev13-4.11.1 as a component of SUSE OpenStack Cloud 7 openstack-nova-conductor-14.0.10~dev13-4.11.1 as a component of SUSE OpenStack Cloud 7 openstack-nova-console-14.0.10~dev13-4.11.1 as a component of SUSE OpenStack Cloud 7 openstack-nova-consoleauth-14.0.10~dev13-4.11.1 as a component of SUSE OpenStack Cloud 7 openstack-nova-doc-14.0.10~dev13-4.11.3 as a component of SUSE OpenStack Cloud 7 openstack-nova-novncproxy-14.0.10~dev13-4.11.1 as a component of SUSE OpenStack Cloud 7 openstack-nova-placement-api-14.0.10~dev13-4.11.1 as a component of SUSE OpenStack Cloud 7 openstack-nova-scheduler-14.0.10~dev13-4.11.1 as a component of SUSE OpenStack Cloud 7 openstack-nova-serialproxy-14.0.10~dev13-4.11.1 as a component of SUSE OpenStack Cloud 7 openstack-nova-vncproxy-14.0.10~dev13-4.11.1 as a component of SUSE OpenStack Cloud 7 python-nova-14.0.10~dev13-4.11.1 as a component of SUSE OpenStack Cloud 7 In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3. CVE-2017-16239 SUSE OpenStack Cloud 7:openstack-nova-14.0.10~dev13-4.11.1 SUSE OpenStack Cloud 7:openstack-nova-api-14.0.10~dev13-4.11.1 SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.10~dev13-4.11.1 SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.10~dev13-4.11.1 SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.10~dev13-4.11.1 SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.10~dev13-4.11.1 SUSE OpenStack Cloud 7:openstack-nova-console-14.0.10~dev13-4.11.1 SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.10~dev13-4.11.1 SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.10~dev13-4.11.3 SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.10~dev13-4.11.1 SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.10~dev13-4.11.1 SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.10~dev13-4.11.1 SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.10~dev13-4.11.1 SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.10~dev13-4.11.1 SUSE OpenStack Cloud 7:python-nova-14.0.10~dev13-4.11.1 moderate 3.6 AV:N/AC:H/Au:S/C:P/I:N/A:P 4.2 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L