[openstack-dev] [nova][stable] Freeze exception for kilo CVE-2015-7548 backports

Matthew Booth mbooth at redhat.com
Fri Jan 15 09:19:33 UTC 2016

The following 3 patches fix CVE-2015-7548 Unprivileged api user can access
host data using instance snapshot:


The OSSA is rated critical. The patches have now landed on master and
liberty after some delays in the gate. Given the importance of the fix I
suspect that most/all downstream distributions will have already patched
(certainly Red Hat has), but it would be good to have them in upstream

Matthew Booth
Red Hat Engineering, Virtualisation Team

Phone: +442070094448 (UK)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160115/d4858b72/attachment.html>

More information about the OpenStack-dev mailing list