CVE-2014-0134

Priority
Medium
Description
The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3
and Icehouse before 2014.1, when using libvirt to spawn images and
use_cow_images is set to false, allows remote authenticated users to read
certain compute host files by overwriting an instance disk with a crafted
image.
References
Bugs
Notes
 jdstrand> 1:2013.2.3-0ubuntu1 is now in saucy-updates
 jdstrand> introduced in grizzly
Package
Source: nova (LP Ubuntu Debian)
Upstream:released (2013.2.2-4)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Patches:
Upstream:https://git.openstack.org/cgit/openstack/nova/commit/?id=dc8de426066969a3f0624fdc2a7b29371a2d55bf (master)
Upstream:https://git.openstack.org/cgit/openstack/nova/commit/?id=25e761acd56d4c820273fc0245ada06c500c1637 (havana)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:42:13 UTC (commit 9756)