On Thu, Jun 09, 2016 at 12:52:03PM -0700, Nathan Kinder wrote: > Nova and Cinder key manager for Barbican misuses cached credentials > --- > > ### Summary ### > During the Icehouse release the Cinder and Nova projects added a feature > that supports storage volume encryption using keys stored in Barbican. > The Barbican key manager, that is part of Nova and Cinder, had a bug > that could cause an authorized user to lose access to an encryption key > or allow the wrong user to gain access to an encryption key. > > ### Affected Services / Software ### > Cinder: Icehouse, Juno, Kilo, Liberty > Nova: Juno, Kilo, Liberty > > ... > > A specification for a fix has been merged for the Mitaka release of both > Nova and Cinder. Additionally these patches have been backported to > stable/kilo and stable/liberty. > > ### Contacts / References ### > This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0063 > Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1523646 > OpenStack Security ML : [email protected] > OpenStack Security Group : https://launchpad.net/~openstack-ossg > Nova patch for Mitaka : https://review.openstack.org/254358/ > Nova patch for stable/liberty: https://review.openstack.org/288490 > Cinder patch for Mitaka : https://review.openstack.org/254357/ > Cinder patch for stable/liberty: https://review.openstack.org/266678 > Cinder patch for stable/kilo: https://review.openstack.org/266680 > CVE : N/A >
Thanks for the detailed write up Nathan! Sean (smcginnis) __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
