← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1338830] Re: [OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608)

 

** Changed in: nova/icehouse
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1338830

Title:
  [OSSA 2014-032] Nova VMware driver still leaks rescued images
  (CVE-2014-3608)

Status in OpenStack Compute (Nova):
  Invalid
Status in OpenStack Compute (nova) havana series:
  Won't Fix
Status in OpenStack Compute (nova) icehouse series:
  Fix Released
Status in OpenStack Security Advisories:
  Fix Released

Bug description:
  Garth Mollet of Red Hat reported the following when examining the fix
  for OSSA 2014-017:

  .. there may still be a regression in the upstream patches.

  With the new patch applied it appears unrescue can still fail if the
  live vm is in the suspended state. With the new patch unrescue will
  attempt to poweroff the vm, however poweroff will fail if state ==
  suspended:

          # Only PoweredOn VMs can be powered off.
          # Raise Exception if VM is suspended
          elif pwr_state == "suspended":
               reason = _("instance is suspended and cannot be powered off.")
               raise exception.InstancePowerOffFailure(reason=reason)

  And this exception will be uncaught in the case of a manual unrescue,
  leading to the same end scenario in Jaroslavs test above, where
  destroying the vm in error state will leave the -rescue instance.

  Red Hat bugzilla reference -
  https://bugzilla.redhat.com/show_bug.cgi?id=1108406

  Can we confirm if this is a regression / incomplete fix of bug
  #1269418 ?

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1338830/+subscriptions