Summary: | <sys-cluster/nova-{2013.1.4,2013.2.1} : live snapshots use an insecure local directory (CVE-2013-7048) [OSSA 2014-001] | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2013/12/11/6 | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-12-12 10:53:27 UTC
patches applied. old badness removed new hotness added ( nova-2013.1.4-r5 and nova-2013.2.1-r3 ) removing myself from cc as I'm unneeded here (along with openstack herd) :D CVE-2013-7048 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7048): OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots. Later versions in tree and all vulnerable have been removed. |