CVE-2015-7548

Priority
Medium
Description
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1
(liberty), when using libvirt to spawn instances and use_cow_images is set
to false, allow remote authenticated users to read arbitrary files by
overwriting an instance disk with a crafted image and requesting a
snapshot.
References
Bugs
Assigned-to
mdeslaur
Package
Source: nova (LP Ubuntu Debian)
Upstream:released (12.0.1)
Ubuntu 17.10 (Artful Aardvark):not-affected (2:13.0.0-0ubuntu4)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:2014.1.5-0ubuntu1.7)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2:13.0.0-0ubuntu2)
Ubuntu 17.04 (Zesty Zapus):not-affected (2:13.0.0-0ubuntu4)
More Information

Updated: 2017-10-11 14:14:41 UTC (commit 13496)