
Bug 576802 (CVE-2016-2140)

Summary: <sys-cluster/nova-12.0.2-r1: host data leak through resize/migration (CVE-2016-2140)
Product: Gentoo Security
Reporter: Matthew Thode ( prometheanfire ) <prometheanfire>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 576886    
Bug Blocks:    

Description Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2016-03-08 20:15:40 UTC
Matthew Booth from Red Hat reported a vulnerability in Nova instance
resize/migration. By overwriting an ephemeral or root disk with a
malicious image before requesting a resize, an authenticated user may be
able to read arbitrary files from the compute host. Only setups using
libvirt driver with raw storage and setting "use_cow_images = False"
(not default) are affected.
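
An added example (not part of the bug report or of Nova's code): a check of `nova.conf` text against the affected setup named in the description above. The option locations (`compute_driver` and `use_cow_images` in `[DEFAULT]`, `images_type` in `[libvirt]`) and the reading of "raw storage" as `images_type` being `raw` or left at `default` are assumptions, and the sample configs are constructed.

```python
import configparser

# Constructed nova.conf samples for illustration (not from the bug report).
AFFECTED = """\
[DEFAULT]
compute_driver = libvirt.LibvirtDriver
use_cow_images = False
[libvirt]
images_type = raw
"""
STOCK = """\
[DEFAULT]
compute_driver = libvirt.LibvirtDriver
[libvirt]
virt_type = kvm
"""
QCOW2_FORCED = """\
[DEFAULT]
compute_driver = libvirt.LibvirtDriver
use_cow_images = False
[libvirt]
images_type = qcow2
"""

def matches_affected_setup(conf_text):
    """Return (matches, details) for the setup described in the bug."""
    # strict=False tolerates repeated keys, which nova.conf may contain.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    driver = cp.get("DEFAULT", "compute_driver", fallback="")
    # use_cow_images defaults to True, which the description calls unaffected.
    cow = cp.getboolean("DEFAULT", "use_cow_images", fallback=True)
    # Assumption: "raw storage" means images_type is raw, or left at
    # "default" so that use_cow_images selects the disk format.
    images_type = cp.get("libvirt", "images_type", fallback="default")
    details = {
        "libvirt_driver": "libvirt" in driver.lower(),
        "cow_disabled": not cow,
        "raw_storage": images_type.strip().lower() in ("raw", "default"),
    }
    return all(details.values()), details

if __name__ == "__main__":
    for name, text in (("affected", AFFECTED), ("stock", STOCK),
                       ("qcow2", QCOW2_FORCED)):
        print(name, matches_affected_setup(text))
```

A match only identifies a compute host whose configuration fits the description; the fix tracked in this bug is the package update to sys-cluster/nova-12.0.2-r1.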
Comment 1 Agostino Sarubbo gentoo-dev 2016-03-09 16:50:37 UTC
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2016-03-09 16:52:55 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 3 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2016-03-09 17:19:48 UTC
cleaned up