** No longer affects: nova/diablo -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1031311
Title: [OSSA 2012-011] CVE-2012-3361 not fully addressed Status in OpenStack Compute (Nova): Fix Released Status in OpenStack Compute (nova) essex series: Fix Released Status in OpenStack Security Advisories: Fix Released Status in “nova” package in Ubuntu: Fix Released Status in “nova” source package in Precise: Fix Released Bug description: Unfortunately the patches released for bug 1015531, didn't consider permissions in the guest. If there is a root only readable directory in the guest containing the dodgy symlinks, then they will not be detected by _join_and_check_path_within_fs() because it runs as the nova user. Therefore the equivalent of this function needs to run as the root user. Folsom patch attached. Diablo & Essex versions would need readlink added to rootwrap To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1031311/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
