[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] [OSSA 2016-007.2] Nova host data leak through resize/migration (CVE-2016-2140) ERRATA
From: Tristan Cacqueray <tdecacqu () redhat ! com>
Date: 2016-03-30 13:47:29
Message-ID: 56FBD8F1.4060603 () redhat ! com
[Download RAW message or body]
=============================================================
OSSA-2016-007.2: Nova host data leak through resize/migration
=============================================================
:Date: March 08, 2016
:CVE: CVE-2016-2140
Affects
~~~~~~~
- Nova: <=2015.1.3, >=12.0.0 <=12.0.2
Description
~~~~~~~~~~~
Matthew Booth from Red Hat reported a vulnerability in Nova instance
resize/migration. By overwriting an ephemeral or root disk with a
malicious image before requesting a resize, an authenticated user may
be able to read arbitrary files from the compute host. Only setups
using libvirt driver with raw storage and setting "use_cow_images =
False" (not default) are affected.
Errata
~~~~~~
The former fix did not take into account the usage of non-disk-image
backends and caused a regression for this use-case. This update
provides an additional fix for that issue. Moreover, the kilo backport
caused a regression in live migration where the disk info file is JSON
encoded. This second update provides an additional fix for
stable/kilo.
Patches
~~~~~~~
- https://review.openstack.org/289960 - original (Kilo)
- https://review.openstack.org/290847 - errata (Kilo)
- https://review.openstack.org/294205 - errata#2 (Kilo)
- https://review.openstack.org/289958 - original (Liberty)
- https://review.openstack.org/290843 - errata (Liberty)
- https://review.openstack.org/289957 - original (Mitaka)
- https://review.openstack.org/290715 - errata (Mitaka)
Credits
~~~~~~~
- Matthew Booth from Red Hat (CVE-2016-2140)
References
~~~~~~~~~~
- https://bugs.launchpad.net/bugs/1548450
- https://bugs.launchpad.net/bugs/1555287
- https://bugs.launchpad.net/bugs/1558697
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2140
Notes
~~~~~
- This fix will be included in future 2015.1.4 (kilo) and 12.0.3
(liberty) releases.
OSSA History
~~~~~~~~~~~~
- 2016-03-30 - Errata 2
- 2016-03-09 - Errata 1
- 2016-03-08 - Original Version
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic