553688 – <sys-cluster/cinder-2014.2.3-r1: Arbitrary file read (CVE-2015-1851)

Bug 553688 - <sys-cluster/cinder-2014.2.3-r1: Arbitrary file read (CVE-2015-1851)

Summary: <sys-cluster/cinder-2014.2.3-r1: Arbitrary file read (CVE-2015-1851)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2015-06-30 23:34 UTC by GLSAMaker/CVETool Bot
Modified:	2015-06-30 23:34 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2015-06-30 23:34:15 UTC

CVE-2015-1851 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1851):
  OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4
  (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated
  users to read arbitrary files via a crafted qcow2 signature in an image to
  the upload-to-image command.


  17 Jun 2015; Matthew Thode <prometheanfire@gentoo.org>
  +cinder-2014.2.3-r1.ebuild, +cinder-2015.1.0-r1.ebuild,
  +files/CVE-2015-1851_2014.2.3.patch, +files/CVE-2015-1851_2015.1.0.patch,
  -cinder-2015.1.0.ebuild:
  fixing CVE-2015-1851