diff options
| author |   Matthew Thode <prometheanfire@gentoo.org> | 2016-11-04 09:48:04 -0500 |
|---|---|---|
| committer | Matthew Thode <prometheanfire@gentoo.org> | 2016-11-04 09:48:04 -0500 |
| commit | 3930fb660c9d11c546f1959d4a2bdf66dd8f67e2 (patch) | |
| tree | 6f51da1a6b29f3a5ee9b85c5bcec2d3fad363764 /sys-cluster | |
| parent | dev-perl/Image-Info: Stable for PPC64 (bug #598766). (diff) | |
| download | gentoo-3930fb660c9d11c546f1959d4a2bdf66dd8f67e2.tar.gz gentoo-3930fb660c9d11c546f1959d4a2bdf66dd8f67e2.tar.bz2 gentoo-3930fb660c9d11c546f1959d4a2bdf66dd8f67e2.zip | |
sys-cluster/heat: fix CVE-2016-9185 bug 598940
Package-Manager: portage-2.3.0
Diffstat (limited to 'sys-cluster')
| -rw-r--r-- | sys-cluster/heat/files/CVE-2016-9185.patch | 53 | ||||
| -rw-r--r-- | sys-cluster/heat/heat-7.0.0-r1.ebuild (renamed from sys-cluster/heat/heat-7.0.0.ebuild) | 5 |
2 files changed, 56 insertions, 2 deletions
diff --git a/sys-cluster/heat/files/CVE-2016-9185.patch b/sys-cluster/heat/files/CVE-2016-9185.patch new file mode 100644 index 000000000000..7b6bd86b818a --- /dev/null +++ b/sys-cluster/heat/files/CVE-2016-9185.patch @@ -0,0 +1,53 @@ +From 02dfb1a64f8a545a6dfed15245ac54c8ea835b81 Mon Sep 17 00:00:00 2001 +From: Daniel Gonzalez <daniel@gonzalez-nothnagel.de> +Date: Mon, 17 Oct 2016 10:22:42 +0200 +Subject: Prevent template validate from scanning ports + +The template validation method in the heat API allows to specify the +template to validate using a URL with the 'template_url' parameter. + +By entering invalid http URLs, like 'http://localhost:22' it is +possible to scan ports by evaluating the error message of the request. + +For example, the request + +curl -H "Content-Type: application/json" -H "X-Auth-Token: <TOKEN>" \ +-X POST -d '{"template_url": "http://localhost:22"}' \ +http://127.0.0.1:8004/v1/<TENANT_ID>/validate + +causes the following error message to be returned to the user: + +"Could not retrieve template: Failed to retrieve template: +('Connection aborted.', +BadStatusLine('SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\\r\\n',))" + +This could be misused by tenants to gain knowledge about the internal +network the heat API runs in. + +To prevent this information leak, this patch alters the error message +to not include such details when the url scheme is not 'file'. + +SecurityImpact + +Closes-Bug: #1606500 + +Change-Id: Id1f86f41c1e6c028d889eca7ccbb9cde67631950 +(cherry picked from commit eab9a33ce760c55695a5beb2e541487588b08c98) +--- + heat/common/urlfetch.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/heat/common/urlfetch.py b/heat/common/urlfetch.py +index 7efd968..8a7deae 100644 +--- a/heat/common/urlfetch.py ++++ b/heat/common/urlfetch.py +@@ -75,4 +75,5 @@ def get(url, allowed_schemes=('http', 'https')): + return result + + except exceptions.RequestException as ex: +- raise URLFetchError(_('Failed to retrieve template: %s') % ex) ++ LOG.info(_LI('Failed to retrieve template: %s') % ex) ++ raise URLFetchError(_('Failed to retrieve template from %s') % url) +-- +cgit v0.12 + diff --git a/sys-cluster/heat/heat-7.0.0.ebuild b/sys-cluster/heat/heat-7.0.0-r1.ebuild index 9477a1488a4c..37461d9a1c74 100644 --- a/sys-cluster/heat/heat-7.0.0.ebuild +++ b/sys-cluster/heat/heat-7.0.0-r1.ebuild @@ -113,8 +113,9 @@ RDEPEND=" >=dev-python/webob-1.2.3-r1[${PYTHON_USEDEP}] >=dev-python/yaql-1.1.0[${PYTHON_USEDEP}]" -#PATCHES=( -#) +PATCHES=( + "${FILESDIR}/CVE-2016-9185.patch" +) pkg_setup() { enewgroup heat |