CVE-2013-2096
Published: 16 May 2013
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.
Notes
Author | Note |
---|---|
jdstrand | the patch for this introduced a regression on Folsom. This was not introduced in the 12.04 LTS backport and was fixed in 2012.2.3-0ubuntu2.2 on Ubuntu 12.10 |
Priority
Status
Package | Release | Status |
---|---|---|
nova Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Released
(2012.1.3+stable-20130423-e52e6912-0ubuntu1.1)
|
|
quantal |
Released
(2012.2.3-0ubuntu2.1)
|
|
raring |
Released
(1:2013.1-0ubuntu2.1)
|
|
upstream |
Needs triage
|
|
Patches: other: https://review.openstack.org/#/c/30373/ |