CVE-2013-4469
Published: 2 November 2013
OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.
Notes
| Author | Note |
|---|---|
| jdstrand | patch for CVE-2013-4463 should fix this saucy needs a no change rebuild for saucy-security |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
nova Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Released
(2012.1.3+stable-20130423-e52e6912-0ubuntu1.4)
|
|
| quantal |
Ignored
(end of life, was pending)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Released
(1:2013.2.3-0ubuntu1.2)
|
|
| trusty |
Does not exist
(trusty was not-affected [1:2014.1~b1-0ubuntu2])
|
|
| upstream |
Needs triage
|
|
|
Patches: vendor: https://bugzilla.redhat.com/attachment.cgi?id=816275&action=diff vendor: https://bugzilla.redhat.com/attachment.cgi?id=816276&action=diff vendor: https://bugzilla.redhat.com/attachment.cgi?id=816277&action=diff upstream: https://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30 upstream: https://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f upstream: https://github.com/openstack/nova/commit/135faa7b5d9855312bedc19e5e1ecebae34d3d18 upstream: https://review.openstack.org/54767 upstream: https://review.openstack.org/54768 |
||