CVE-2014-0134

Priority
Medium
Description
The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3
and Icehouse before 2014.1, when using libvirt to spawn images and
use_cow_images is set to false, allows remote authenticated users to read
certain compute host files by overwriting an instance disk with a crafted
image.
References
Bugs
Notes
jdstrand> 1:2013.2.3-0ubuntu1 is now in saucy-updates
jdstrand> introduced in grizzly
Package
Source: nova (LP Ubuntu Debian)
Upstream:released (2013.2.2-4)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 13.10 (Saucy Salamander):released (1:2013.2.3-0ubuntu1.2)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 14.10 (Utopic Unicorn):not-affected
Patches:
Upstream:https://git.openstack.org/cgit/openstack/nova/commit/?id=dc8de426066969a3f0624fdc2a7b29371a2d55bf (master)
Upstream:https://git.openstack.org/cgit/openstack/nova/commit/?id=25e761acd56d4c820273fc0245ada06c500c1637 (havana)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-06-17 23:14:34 UTC (commit 8156)