CVE-2016-2140

Priority
Low
Description
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and
12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images
is set to false, allows remote authenticated users to read arbitrary files
via a crafted qcow2 header in an ephemeral or root disk.
References
Bugs
Notes
sbeattie> from Debian: Affects: <=2015.1.3, >=12.0.0 <=12.0.2
Assigned-to
mdeslaur
Package
Source: nova (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 17.10 (Artful Aardvark): not-affected (2:12.0.0-0ubuntu2)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr): released (1:2014.1.5-0ubuntu1.7)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (2:12.0.0-0ubuntu2)
Ubuntu 17.04 (Zesty Zapus): not-affected (2:12.0.0-0ubuntu2)
Patches:
Upstream: https://review.openstack.org/289960 (Kilo)
Upstream: https://review.openstack.org/289958 (Liberty)
Upstream: https://review.openstack.org/289957 (Mitaka)
More Information

Updated: 2017-10-11 14:14:43 UTC (commit 13496)