CVE-2013-4463
Published: 6 February 2014
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.
Notes
| Author | Note |
|---|---|
| jdstrand | incomplete fix for CVE-2013-2096 (LP: #1177830) patch for CVE-2013-4469 should fix this saucy needs a no change rebuild for saucy-security |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
nova Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Released
(2012.1.3+stable-20130423-e52e6912-0ubuntu1.4)
|
|
| quantal |
Ignored
(end of life, was pending)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Released
(1:2013.2.3-0ubuntu1.2)
|
|
| trusty |
Does not exist
(trusty was not-affected [1:2014.1~b1-0ubuntu2])
|
|
| upstream |
Released
(1:2013.2.1-1)
|
|
|
Patches: vendor: https://bugzilla.redhat.com/attachment.cgi?id=816275&action=diff vendor: https://bugzilla.redhat.com/attachment.cgi?id=816276&action=diff vendor: https://bugzilla.redhat.com/attachment.cgi?id=816277&action=diff upstream: https://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30 upstream: https://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f upstream: https://github.com/openstack/nova/commit/135faa7b5d9855312bedc19e5e1ecebae34d3d18 upstream: https://review.openstack.org/54767 upstream: https://review.openstack.org/54768 |
||