Summary: | sys-cluster/nova : fails to verify image virtual size (CVE-2013-2096) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | | |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://www.openwall.com/lists/oss-security/2013/05/16/7 | | |
Whiteboard: | ~2 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-05-16 11:20:34 UTC
fix committed for 2013.1 and 2012.4 as nova-2012.2.4-r2.ebuild and nova-2013.1.1-r2.ebuild, old badness removed from tree

No glsa needed, was never stable. My mistake. Closing.

CVE-2013-2096 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2096): OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.