| Summary: | <sys-cluster/nova-{2013.1.4-r4,2013.2.1-r2} : Live migration can leak root disk into ephemeral storage[OSSA 2014-003] (CVE-2013-7130) |
| Product: | Gentoo Security |
| Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities |
| Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED |
| Severity: | trivial |
| CC: | openstack, prometheanfire |
| Priority: | Normal |
| Version: | unspecified |
| Hardware: | All |
| OS: | Linux |
| URL: | http://www.openwall.com/lists/oss-security/2014/01/23/5 |
| Whiteboard: | ~4 [noglsa] |
| Package list: | |
| Runtime testing required: | --- |

From ${URL} :

OpenStack Security Advisory: 2014-003
CVE: CVE-2013-7130
Date: January 23, 2014
Title: Live migration can leak root disk into ephemeral storage
Reporter: Loganathan Parthipan (HP)
Products: Nova
Affects: All supported versions

Description:
Loganathan Parthipan from Hewlett Packard reported a vulnerability in the Nova libvirt driver. By spawning a server with the same flavor as another user's migrated virtual machine, an authenticated user can potentially access that user's snapshot content resulting in information leakage. Only setups using KVM live block migration are affected.

Icehouse (development branch) fix: https://review.openstack.org/#/c/68658/
Havana (development branch) fix: https://review.openstack.org/#/c/68659/
Grizzly fix: https://review.openstack.org/#/c/68660/

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7130
https://bugs.launchpad.net/nova/+bug/1251590

@maintainer(s): since the package has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.