** Summary changed:
- Missing fix for ssh_execute (Exceptions thrown may contain passwords)
(CVE-2014-7230, CVE-2014-7231)
+ [OSSA 2014-036] Missing fix for ssh_execute (Exceptions thrown may contain
passwords) (CVE-2014-7230, CVE-2014-7231)
** Changed in: ossa
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1377981
Title:
[OSSA 2014-036] Missing fix for ssh_execute (Exceptions thrown may
contain passwords) (CVE-2014-7230, CVE-2014-7231)
Status in Cinder:
Fix Released
Status in Cinder icehouse series:
Fix Committed
Status in OpenStack Compute (Nova):
Fix Released
Status in OpenStack Compute (nova) icehouse series:
Fix Committed
Status in The Oslo library incubator:
Fix Released
Status in oslo-incubator icehouse series:
Fix Committed
Status in OpenStack Security Advisories:
Fix Released
Bug description:
Former bugs:
https://bugs.launchpad.net/ossa/+bug/1343604
https://bugs.launchpad.net/ossa/+bug/1345233
The ssh_execute method is still affected in Cinder and Nova Icehouse release.
It is prone to password leak if:
- passwords are used on the command line
- execution fail
- calling code catch and log the exception
The missing fix from oslo-incubator to be merged is:
6a60f84258c2be3391541dbe02e30b8e836f6c22
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1377981/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
