CVE-2013-6437 (retired)

Priority
Description
The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse
before icehouse-2 allows remote authenticated users to cause a denial of
service (disk consumption) by creating and deleting instances with unique
os_type settings, which triggers the creation of a new ephemeral disk
backing file.
Notes
 mdeslaur> OSSA 2013-037
 mdeslaur> in precise and quantal, code is in connection.py
 mdeslaur> seems to be introduced by:
 mdeslaur> https://git.openstack.org/cgit/openstack/nova/commit/nova/virt/libvirt/driver.py?id=0cecdf4b8632d3a4eea816869796b03e8b928256
Package
Source: nova (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1:2014.1~b3-0ubuntu2)
Patches:
Upstream:https://review.openstack.org/62910 (icehouse)
Upstream:https://review.openstack.org/62912 (havana)
Upstream:https://review.openstack.org/62913 (grizzly)
More Information

Updated: 2019-03-26 12:11:08 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)