| Summary: | <sys-cluster/nova-2013.2.2-r1 : Nova host data leak to vm instance in rescue mode (CVE-2014-0134) [OSSA 2014-009] | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2014/03/27/6 | ||
| Whiteboard: | ~4 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
fixed (and refixed) already, removing self from cc |
From ${URL} : OpenStack Security Advisory: 2014-009 CVE: CVE-2014-0134 Date: March 27, 2014 Title: Nova host data leak to vm instance in rescue mode. Reporter: Stanislaw Pitucha (HP) Products: Nova Versions: 2013.2 versions up to 2013.2.2 Description: Stanislaw Pitucha from Hewlett Packard reported a vulnerability in the Nova instance rescue mode. By overwriting the disk inside an instance with a malicious image and switching the instance to rescue mode, an authenticated user would be able to leak an arbitrary file from the compute host to the virtual instance. Note that the host file must be readable by the libvirt/kvm context to be exposed. Only setups using libvirt to spawn instance, and having "use_cow_images = False" in Nova configuration are affected. Icehouse (development branch) fix: https://review.openstack.org/82840 Havana fix: https://review.openstack.org/82841 Notes: This fix will be included in the icehouse-rc1 development milestone and in a future 2013.2.3 release. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0134 https://launchpad.net/bugs/1221190 @maintainer(s): since the package has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.