Bug 1175484 - (CVE-2020-17376) VUL-0: CVE-2020-17376: openstack-nova: Live migration fails to update persistent domain XML
(CVE-2020-17376)
VUL-0: CVE-2020-17376: openstack-nova: Live migration fails to update persist...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/265658/
CVSSv3.1:SUSE:CVE-2020-17376:7.6:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-08-19 11:39 UTC by Robert Frohl
Modified: 2022-06-10 12:13 UTC (History)
10 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 24 Alexandros Toptsoglou 2020-08-26 09:09:24 UTC
now public via https://seclists.org/oss-sec/2020/q3/137

SSA-2020-006: Live migration fails to update persistent domain XML
===================================================================

:Date: August 25, 2020
:CVE: CVE-2020-17376


Affects
~~~~~~~
- Nova: <19.3.1, >=20.0.0 <20.3.1, ==21.0.0


Description
~~~~~~~~~~~
Tadayoshi Hosoya (NEC) and Lee Yarwood (Red Hat) reported a
vulnerability in Nova live migration. By performing a soft reboot of
an instance which has previously undergone live migration, a user may
gain access to destination host devices that share the same paths as
host devices previously referenced by the virtual machine on the
source. This can include block devices that map to different Cinder
volumes on the destination than the source. The risk is increased
significantly in non-default configurations allowing untrusted users
to initiate live migrations, so administrators may consider
temporarily disabling this in policy if they cannot upgrade
immediately. This only impacts deployments where users are allowed to
perform soft reboots of server instances; it is recommended to disable
soft reboots in policy (only allowing hard reboots) until the fix can
be applied.


Patches
~~~~~~~
- https://review.opendev.org/747978 (Pike)
- https://review.opendev.org/747976 (Queens)
- https://review.opendev.org/747975 (Rocky)
- https://review.opendev.org/747974 (Stein)
- https://review.opendev.org/747973 (Train)
- https://review.opendev.org/747972 (Ussuri)
- https://review.opendev.org/747969 (Victoria)


Credits
~~~~~~~
- Tadayoshi Hosoya from NEC (CVE-2020-17376)
- Lee Yarwood from Red Hat (CVE-2020-17376)


References
~~~~~~~~~~
- https://launchpad.net/bugs/1890501
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376


Notes
~~~~~
- The stable/rocky, stable/queens, and stable/pike branches are under extended
  maintenance and will receive no new point releases, but patches for them are
  provided as a courtesy.


-- 
Jeremy Stanley
OpenStack Vulnerability Management Team
Comment 26 Johannes Grassler 2020-08-26 15:35:16 UTC
Patched openSUSE packages for OpenStack Newton, Pike and Rocky are now available here:

https://download.opensuse.org/repositories/Cloud:/OpenStack:/Newton/SLE_12_SP2/noarch/
https://download.opensuse.org/repositories/Cloud:/OpenStack:/Pike/SLE_12_SP3/noarch/
https://download.opensuse.org/repositories/Cloud:/OpenStack:/Rocky/SLE_12_SP4/noarch/

openSUSE Packages for other OpenStack releases will get updated automatically as the patch for the respective release gets merged upstream.

SUSE OpenStack Cloud maintenance updates will become available once the patched Nova packages make their way through QA.
Comment 30 Keith Berger 2020-09-09 16:16:58 UTC
Can this be closed now?
Comment 32 Keith Berger 2020-09-18 14:50:25 UTC
Robert, Can this be marked complete and close now?
Comment 33 Robert Frohl 2020-09-21 09:13:12 UTC
(In reply to Keith Berger from comment #32)
> Robert, Can this be marked complete and close now?

Just assign it to security-team@suse.de if you think the issue is done, we will review and close it if we can confirm this.
Comment 35 Swamp Workflow Management 2020-10-07 16:15:47 UTC
SUSE-SU-2020:2876-1: An update that fixes 9 vulnerabilities, contains 10 features is now available.

Category: security (critical)
Bug References: 1117080,1142617,1143163,1172450,1174583,1175484,1175986
CVE References: CVE-2018-11779,CVE-2018-17954,CVE-2018-18623,CVE-2018-18624,CVE-2018-18625,CVE-2019-0202,CVE-2020-11110,CVE-2020-17376,CVE-2020-25032
JIRA References: SOC-10300,SOC-10522,SOC-11184,SOC-11223,SOC-11364,SOC-5480,SOC-9008,SOC-9779,SOC-9974,SOC-9998
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    crowbar-core-6.0+git.1598519900.770074aa7-3.28.4, grafana-6.7.4-3.17.1, grafana-natel-discrete-panel-0.0.9-4.3.3, openstack-cinder-13.0.10~dev16-3.25.3, openstack-dashboard-14.1.1~dev7-3.18.3, openstack-ironic-11.1.5~dev16-3.22.3, openstack-ironic-python-agent-3.3.4~dev5-3.16.2, openstack-manila-7.4.2~dev54-4.27.3, openstack-neutron-13.0.8~dev95-3.28.3, openstack-nova-18.3.1~dev54-3.28.3, rubygem-crowbar-client-3.9.3-3.9.1, storm-1.2.3-3.3.4
SUSE OpenStack Cloud 9 (src):    ardana-ansible-9.0+git.1596813072.110811d-3.25.2, ardana-cinder-9.0+git.1596129576.0b3d3ce-3.13.2, ardana-cobbler-9.0+git.1588258487.3acf8ad-3.16.2, ardana-installer-ui-9.0+git.1569535129.ca87ef0-3.13.2, ardana-opsconsole-ui-9.0+git.1566593422.813e56c-4.13.2, ardana-osconfig-9.0+git.1597427032.a062830-3.19.2, grafana-6.7.4-3.17.1, grafana-natel-discrete-panel-0.0.9-4.3.3, openstack-cinder-13.0.10~dev16-3.25.3, openstack-dashboard-14.1.1~dev7-3.18.3, openstack-ironic-11.1.5~dev16-3.22.3, openstack-ironic-python-agent-3.3.4~dev5-3.16.2, openstack-manila-7.4.2~dev54-4.27.3, openstack-neutron-13.0.8~dev95-3.28.3, openstack-nova-18.3.1~dev54-3.28.3, python-Flask-Cors-3.0.3-4.3.2, storm-1.2.3-3.3.4, venv-openstack-cinder-13.0.10~dev16-3.22.3, venv-openstack-horizon-14.1.1~dev7-4.21.3, venv-openstack-ironic-11.1.5~dev16-4.17.2, venv-openstack-manila-7.4.2~dev54-3.23.2, venv-openstack-neutron-13.0.8~dev95-6.21.3, venv-openstack-nova-18.3.1~dev54-3.21.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 36 Swamp Workflow Management 2020-10-13 20:03:27 UTC
SUSE-SU-2020:2911-1: An update that fixes 15 vulnerabilities, contains two features is now available.

Category: security (critical)
Bug References: 1117080,1154434,1164140,1171823,1172450,1173413,1173416,1173418,1174583,1175484,965582
CVE References: CVE-2016-0775,CVE-2018-17954,CVE-2018-18623,CVE-2018-18624,CVE-2018-18625,CVE-2019-15043,CVE-2020-10177,CVE-2020-10378,CVE-2020-10744,CVE-2020-10994,CVE-2020-11110,CVE-2020-12052,CVE-2020-13379,CVE-2020-1733,CVE-2020-17376
JIRA References: SOC-11352,SOC-11389
Sources used:
SUSE OpenStack Cloud 7 (src):    ansible-2.2.3.0-17.2, crowbar-core-4.0+git.1600767499.0615a418f-9.69.3, crowbar-openstack-4.0+git.1599037255.25b759234-9.74.4, grafana-6.7.4-1.17.1, grafana-natel-discrete-panel-0.0.9-1.6.5, openstack-aodh-3.0.5~dev2-2.11.2, openstack-aodh-doc-3.0.5~dev2-2.11.1, openstack-barbican-3.0.1~dev9-2.12.4, openstack-barbican-doc-3.0.1~dev9-2.12.2, openstack-cinder-9.1.5~dev6-4.28.1, openstack-cinder-doc-9.1.5~dev6-4.28.1, openstack-gnocchi-3.0.7~dev1-2.8.2, openstack-heat-7.0.7~dev10-5.17.3, openstack-heat-doc-7.0.7~dev10-5.17.2, openstack-ironic-6.2.5~dev3-2.8.2, openstack-ironic-doc-6.2.5~dev3-2.8.2, openstack-magnum-3.3.2~dev7-14.14.4, openstack-magnum-doc-3.3.2~dev7-14.14.2, openstack-manila-3.0.1~dev30-4.17.2, openstack-manila-doc-3.0.1~dev30-4.17.1, openstack-monasca-agent-1.10.1~dev4-13.3, openstack-murano-3.0.1~dev21-7.5.3, openstack-murano-doc-3.0.1~dev21-7.5.1, openstack-neutron-9.4.2~dev21-7.43.2, openstack-neutron-doc-9.4.2~dev21-7.43.1, openstack-neutron-vpnaas-9.0.1~dev8-5.8.2, openstack-neutron-vpnaas-doc-9.0.1~dev8-5.8.2, openstack-nova-14.0.11~dev13-4.45.3, openstack-nova-doc-14.0.11~dev13-4.45.2, openstack-sahara-5.0.2~dev3-14.3, openstack-sahara-doc-5.0.2~dev3-14.1, python-Pillow-2.8.1-4.17.2, rubygem-crowbar-client-3.9.3-7.23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 39 Swamp Workflow Management 2020-11-12 17:24:49 UTC
SUSE-SU-2020:3309-1: An update that solves 53 vulnerabilities, contains 14 features and has 5 fixes is now available.

Category: security (important)
Bug References: 1008037,1008038,1010940,1019021,1038785,1056094,1059235,1080682,1097775,1102126,1109957,1112959,1117080,1118896,1123561,1126503,1137479,1137528,1142121,1142542,1144453,1153452,1154231,1154232,1154830,1157968,1157969,1159447,1161919,1164133,1164134,1164135,1164136,1164137,1164138,1164139,1164140,1165022,1165393,1166389,1167440,1167532,1171162,1171823,1172450,1173413,1173416,1173418,1174006,1174145,1174242,1174302,1174583,1175484,1175986,1175993,1177120,1177948
CVE References: CVE-2016-8614,CVE-2016-8628,CVE-2016-8647,CVE-2016-9587,CVE-2017-7466,CVE-2017-7550,CVE-2018-10875,CVE-2018-11779,CVE-2018-16837,CVE-2018-16859,CVE-2018-16876,CVE-2018-18623,CVE-2018-18624,CVE-2018-18625,CVE-2019-0202,CVE-2019-10156,CVE-2019-10206,CVE-2019-10217,CVE-2019-14846,CVE-2019-14856,CVE-2019-14858,CVE-2019-14864,CVE-2019-14904,CVE-2019-14905,CVE-2019-19844,CVE-2019-3828,CVE-2020-10177,CVE-2020-10378,CVE-2020-10684,CVE-2020-10685,CVE-2020-10691,CVE-2020-10729,CVE-2020-10744,CVE-2020-10994,CVE-2020-11110,CVE-2020-14330,CVE-2020-14332,CVE-2020-14365,CVE-2020-1733,CVE-2020-1734,CVE-2020-1735,CVE-2020-1736,CVE-2020-1737,CVE-2020-17376,CVE-2020-1738,CVE-2020-1739,CVE-2020-1740,CVE-2020-1746,CVE-2020-1753,CVE-2020-25032,CVE-2020-26137,CVE-2020-7471,CVE-2020-9402
JIRA References: SOC-10300,SOC-10522,SOC-10616,SOC-11000,SOC-11223,SOC-11342,SOC-11352,SOC-11364,SOC-11386,SOC-11389,SOC-11391,SOC-6780,SOC-9974,SOC-9998
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    ansible-2.9.14-3.15.1, crowbar-core-5.0+git.1600432272.b3ad722f0-3.44.1, crowbar-openstack-5.0+git.1599037158.5c4d07480-4.43.1, documentation-suse-openstack-cloud-deployment-8.20201007-1.29.1, documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1, documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1, documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1, grafana-6.7.4-4.12.1, grafana-natel-discrete-panel-0.0.9-3.3.6, openstack-cinder-11.2.3~dev29-3.28.2, openstack-cinder-doc-11.2.3~dev29-3.28.1, openstack-monasca-installer-20190923_16.32-3.15.1, openstack-neutron-11.0.9~dev69-3.37.2, openstack-neutron-doc-11.0.9~dev69-3.37.1, openstack-nova-16.1.9~dev76-3.39.2, openstack-nova-doc-16.1.9~dev76-3.39.1, python-Django-1.11.29-3.19.2, python-Pillow-4.2.1-3.9.2, python-keystoneclient-3.13.1-3.3.2, python-keystonemiddleware-4.17.1-5.3.1, python-kombu-4.1.0-3.7.1, python-straight-plugin-1.5.0-1.3.1, python-urllib3-1.22-5.12.1, release-notes-suse-openstack-cloud-8.20200922-3.23.1, rubygem-crowbar-client-3.9.3-1.1, storm-1.2.3-3.6.1
SUSE OpenStack Cloud 8 (src):    ansible-2.9.14-3.15.1, ardana-ansible-8.0+git.1596735237.54109b1-3.77.1, ardana-cinder-8.0+git.1596129856.263f430-3.43.1, ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1, ardana-mq-8.0+git.1593618123.678c32b-3.26.1, ardana-nova-8.0+git.1601298847.dd01585-3.42.1, ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1, documentation-suse-openstack-cloud-installation-8.20201007-1.29.1, documentation-suse-openstack-cloud-operations-8.20201007-1.29.1, documentation-suse-openstack-cloud-opsconsole-8.20201007-1.29.1, documentation-suse-openstack-cloud-planning-8.20201007-1.29.1, documentation-suse-openstack-cloud-security-8.20201007-1.29.1, documentation-suse-openstack-cloud-supplement-8.20201007-1.29.1, documentation-suse-openstack-cloud-upstream-admin-8.20201007-1.29.1, documentation-suse-openstack-cloud-upstream-user-8.20201007-1.29.1, documentation-suse-openstack-cloud-user-8.20201007-1.29.1, grafana-6.7.4-4.12.1, grafana-natel-discrete-panel-0.0.9-3.3.6, openstack-cinder-11.2.3~dev29-3.28.2, openstack-cinder-doc-11.2.3~dev29-3.28.1, openstack-monasca-installer-20190923_16.32-3.15.1, openstack-neutron-11.0.9~dev69-3.37.2, openstack-neutron-doc-11.0.9~dev69-3.37.1, openstack-nova-16.1.9~dev76-3.39.2, openstack-nova-doc-16.1.9~dev76-3.39.1, python-Django-1.11.29-3.19.2, python-Flask-Cors-3.0.3-3.3.1, python-Pillow-4.2.1-3.9.2, python-ardana-packager-0.0.3-7.7.2, python-keystoneclient-3.13.1-3.3.2, python-keystonemiddleware-4.17.1-5.3.1, python-kombu-4.1.0-3.7.1, python-straight-plugin-1.5.0-1.3.1, python-urllib3-1.22-5.12.1, release-notes-suse-openstack-cloud-8.20200922-3.23.1, storm-1.2.3-3.6.1, venv-openstack-aodh-5.1.1~dev7-12.28.1, venv-openstack-barbican-5.0.2~dev3-12.29.1, venv-openstack-ceilometer-9.0.8~dev7-12.26.1, venv-openstack-cinder-11.2.3~dev29-14.30.1, venv-openstack-designate-5.0.3~dev7-12.27.1, venv-openstack-freezer-5.0.0.0~xrc2~dev2-10.24.1, venv-openstack-glance-15.0.3~dev3-12.27.1, venv-openstack-heat-9.0.8~dev22-12.29.1, venv-openstack-horizon-12.0.5~dev3-14.32.1, venv-openstack-ironic-9.1.8~dev8-12.29.1, venv-openstack-keystone-12.0.4~dev11-11.30.1, venv-openstack-magnum-5.0.2_5.0.2_5.0.2~dev31-11.28.1, venv-openstack-manila-5.1.1~dev5-12.33.1, venv-openstack-monasca-2.2.2~dev1-11.24.1, venv-openstack-monasca-ceilometer-1.5.1_1.5.1_1.5.1~dev3-8.24.1, venv-openstack-murano-4.0.2~dev2-12.24.1, venv-openstack-neutron-11.0.9~dev69-13.32.1, venv-openstack-nova-16.1.9~dev76-11.30.1, venv-openstack-octavia-1.0.6~dev3-12.29.1, venv-openstack-sahara-7.0.5~dev4-11.28.1, venv-openstack-swift-2.15.2_2.15.2_2.15.2~dev32-11.21.1, venv-openstack-trove-8.0.2~dev2-11.28.1
HPE Helion Openstack 8 (src):    ansible-2.9.14-3.15.1, ardana-ansible-8.0+git.1596735237.54109b1-3.77.1, ardana-cinder-8.0+git.1596129856.263f430-3.43.1, ardana-glance-8.0+git.1593631779.76fa9b7-3.24.1, ardana-mq-8.0+git.1593618123.678c32b-3.26.1, ardana-nova-8.0+git.1601298847.dd01585-3.42.1, ardana-osconfig-8.0+git.1595885113.93abcbc-3.49.1, documentation-hpe-helion-openstack-installation-8.20201007-1.29.1, documentation-hpe-helion-openstack-operations-8.20201007-1.29.1, documentation-hpe-helion-openstack-opsconsole-8.20201007-1.29.1, documentation-hpe-helion-openstack-planning-8.20201007-1.29.1, documentation-hpe-helion-openstack-security-8.20201007-1.29.1, documentation-hpe-helion-openstack-user-8.20201007-1.29.1, grafana-6.7.4-4.12.1, grafana-natel-discrete-panel-0.0.9-3.3.6, openstack-cinder-11.2.3~dev29-3.28.2, openstack-cinder-doc-11.2.3~dev29-3.28.1, openstack-monasca-installer-20190923_16.32-3.15.1, openstack-neutron-11.0.9~dev69-3.37.2, openstack-neutron-doc-11.0.9~dev69-3.37.1, openstack-nova-16.1.9~dev76-3.39.2, openstack-nova-doc-16.1.9~dev76-3.39.1, python-Django-1.11.29-3.19.2, python-Flask-Cors-3.0.3-3.3.1, python-Pillow-4.2.1-3.9.2, python-ardana-packager-0.0.3-7.7.2, python-keystoneclient-3.13.1-3.3.2, python-keystonemiddleware-4.17.1-5.3.1, python-kombu-4.1.0-3.7.1, python-urllib3-1.22-5.12.1, release-notes-hpe-helion-openstack-8.20200922-3.23.1, storm-1.2.3-3.6.1, venv-openstack-aodh-5.1.1~dev7-12.28.1, venv-openstack-barbican-5.0.2~dev3-12.29.1, venv-openstack-ceilometer-9.0.8~dev7-12.26.1, venv-openstack-cinder-11.2.3~dev29-14.30.1, venv-openstack-designate-5.0.3~dev7-12.27.1, venv-openstack-freezer-5.0.0.0~xrc2~dev2-10.24.1, venv-openstack-glance-15.0.3~dev3-12.27.1, venv-openstack-heat-9.0.8~dev22-12.29.1, venv-openstack-horizon-hpe-12.0.5~dev3-14.32.1, venv-openstack-ironic-9.1.8~dev8-12.29.1, venv-openstack-keystone-12.0.4~dev11-11.30.1, venv-openstack-magnum-5.0.2_5.0.2_5.0.2~dev31-11.28.1, venv-openstack-manila-5.1.1~dev5-12.33.1, venv-openstack-monasca-2.2.2~dev1-11.24.1, venv-openstack-monasca-ceilometer-1.5.1_1.5.1_1.5.1~dev3-8.24.1, venv-openstack-murano-4.0.2~dev2-12.24.1, venv-openstack-neutron-11.0.9~dev69-13.32.1, venv-openstack-nova-16.1.9~dev76-11.30.1, venv-openstack-octavia-1.0.6~dev3-12.29.1, venv-openstack-sahara-7.0.5~dev4-11.28.1, venv-openstack-swift-2.15.2_2.15.2_2.15.2~dev32-11.21.1, venv-openstack-trove-8.0.2~dev2-11.28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 40 Carlos López 2022-06-10 12:13:55 UTC
Done, closing.