CVE-2014-3641
Published: 8 October 2014
The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.
Priority
Status
Package | Release | Status |
---|---|---|
cinder Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
trusty |
Released
(1:2014.1.3-0ubuntu1)
|
|
upstream |
Released
(2014.1.3-1)
|
|
utopic |
Not vulnerable
(1:2014.2~rc2-0ubuntu1)
|
|
Patches: upstream: https://review.openstack.org/#/c/125671/ upstream: https://review.openstack.org/#/c/125710/ |