[PKG-Openstack-devel] Bug#750144: CVE-2014-2573: Nova VMWare driver leaks rescued images
Thomas Goirand
zigo at debian.org
Mon Jun 2 03:31:20 UTC 2014
Source: nova
Version: 2014.1-8
Severity: normal
Tags: security patch
OpenStack Security Advisory: 2014-017
CVE: CVE-2014-2573
Date: May 29, 2014
Title: Nova VMWare driver leaks rescued images
Reporter: Jaroslav Henner (Red Hat)
Products: Nova
Versions: from 2013.2 to 2013.2.3, and 2014.1
Description:
Jaroslav Henner from Red Hat reported a vulnerability in Nova. By
requesting Nova place an image into rescue, then deleting the image,
an authenticated user my exceed their quota. This can result in a
denial of service via excessive resource consumption. Only setups
using the Nova VMWare driver are affected.
Juno (development branch) fix:
https://review.openstack.org/75788
https://review.openstack.org/80284
Icehouse fix:
https://review.openstack.org/88514
https://review.openstack.org/89217
Havana fix:
https://review.openstack.org/89762
https://review.openstack.org/89768
Notes:
This fix will be included in the juno-1 development milestone and in
future 2013.2.4 and 2014.1.1 releases.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2573
https://launchpad.net/bugs/1269418
-- Jeremy Stanley OpenStack Vulnerability Management Team
More information about the Openstack-devel
mailing list