[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] [OSSA 2014-017] Nova VMWare driver leaks rescued images (CVE-2014-2573)
From: Jeremy Stanley <jeremy () openstack ! org>
Date: 2014-05-29 19:47:54
Message-ID: 20140529194754.GZ11155 () openstack ! org
[Download RAW message or body]
OpenStack Security Advisory: 2014-017
CVE: CVE-2014-2573
Date: May 29, 2014
Title: Nova VMWare driver leaks rescued images
Reporter: Jaroslav Henner (Red Hat)
Products: Nova
Versions: from 2013.2 to 2013.2.3, and 2014.1
Description:
Jaroslav Henner from Red Hat reported a vulnerability in Nova. By
requesting Nova place an image into rescue, then deleting the image,
an authenticated user my exceed their quota. This can result in a
denial of service via excessive resource consumption. Only setups
using the Nova VMWare driver are affected.
Juno (development branch) fix:
https://review.openstack.org/75788
https://review.openstack.org/80284
Icehouse fix:
https://review.openstack.org/88514
https://review.openstack.org/89217
Havana fix:
https://review.openstack.org/89762
https://review.openstack.org/89768
Notes:
This fix will be included in the juno-1 development milestone and in
future 2013.2.4 and 2014.1.1 releases.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2573
https://launchpad.net/bugs/1269418
--
Jeremy Stanley
OpenStack Vulnerability Management Team
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic