PublicDateAtUSN: 2013-05-16
Candidate: CVE-2013-2096
PublicDate: 2013-07-09 17:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2096
 https://ubuntu.com/security/notices/USN-1831-1
Description:
 OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.
Ubuntu-Description:
Notes:
 jdstrand> the patch for this introduced a regression on Folsom. This was not introduced in the 12.04 LTS backport and was fixed in 2012.2.3-0ubuntu2.2 on Ubuntu 12.10
Bugs:
 https://bugs.launchpad.net/nova/+bug/1177830
 https://bugs.launchpad.net/nova/+bug/1183606
Priority: medium
Discovered-by: Loganathan Parthipan
Assigned-to: jdstrand
CVSS:

Patches_nova:
 other: https://review.openstack.org/#/c/30373/ (folsom regression fix)
upstream_nova: needs-triage
lucid_nova: DNE
precise_nova: released (2012.1.3+stable-20130423-e52e6912-0ubuntu1.1)
quantal_nova: released (2012.2.3-0ubuntu2.1)
raring_nova: released (1:2013.1-0ubuntu2.1)
devel_nova: released (1:2013.1-0ubuntu2.1)