CVE-2013-4469

Priority
Low
Description
OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images
is set to False, does not verify the virtual size of a QCOW2 image, which
allows local users to cause a denial of service (host file system disk
consumption) by transferring an image with a large virtual size that does
not contain a large amount of data from Glance. NOTE: this issue is due to
an incomplete fix for CVE-2013-2096.
References
Bugs
Notes
jdstrand> patch for CVE-2013-4463 should fix this
jdstrand> saucy needs a no change rebuild for saucy-security
Assigned-to
mdeslaur
Package
Source: nova (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 12.04 LTS (Precise Pangolin): released (2012.1.3+stable-20130423-e52e6912-0ubuntu1.4)
Ubuntu 13.10 (Saucy Salamander): released (1:2013.2.3-0ubuntu1.2)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (1:2014.1~b1-0ubuntu2)
Ubuntu 14.10 (Utopic Unicorn): not-affected (1:2014.1~b1-0ubuntu2)
Patches:
Vendor: https://bugzilla.redhat.com/attachment.cgi?id=816275&action=diff (folsom)
Vendor: https://bugzilla.redhat.com/attachment.cgi?id=816276&action=diff (grizzly)
Vendor: https://bugzilla.redhat.com/attachment.cgi?id=816277&action=diff (havana)
Upstream: https://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30 (master)
Upstream: https://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f (havana)
Upstream: https://github.com/openstack/nova/commit/135faa7b5d9855312bedc19e5e1ecebae34d3d18 (grizzly)
Upstream: https://review.openstack.org/54767 (havana)
Upstream: https://review.openstack.org/54768 (grizzly)
More Information


Updated: 2014-06-17 23:14:34 UTC (commit 8156)