Adds OSSA 2016-007 (CVE-2016-2140)
Change-Id: I95d3a2211e25e7e121b4a67a729e4c4364eb1118
Related-Bug: #1548450
parent 2666088c83
commit 51a4f35c3e
|
@ -0,0 +1,49 @@
|
|||
date: 2016-03-08
|
||||
|
||||
id: OSSA-2016-007
|
||||
|
||||
title: 'Nova host data leak through resize/migration'
|
||||
|
||||
description: 'Matthew Booth from Red Hat reported a vulnerability in Nova instance
|
||||
resize/migration. By overwriting an ephemeral or root disk with a malicious
|
||||
image before requesting a resize, an authenticated user may be able to read
|
||||
arbitrary files from the compute host. Only setups using libvirt driver with
|
||||
raw storage and setting "use_cow_images = False" (not default) are affected.'
|
||||
|
||||
affected-products:
|
||||
|
||||
- product: nova
|
||||
version: "<=2015.1.3, >=12.0.0 <=12.0.2"
|
||||
|
||||
vulnerabilities:
|
||||
|
||||
- cve-id: CVE-2016-2140
|
||||
|
||||
reporters:
|
||||
|
||||
- name: 'Matthew Booth'
|
||||
affiliation: Red Hat
|
||||
reported:
|
||||
- CVE-2016-2140
|
||||
|
||||
issues:
|
||||
|
||||
links:
|
||||
- https://bugs.launchpad.net/bugs/1548450
|
||||
|
||||
reviews:
|
||||
|
||||
mitaka:
|
||||
- https://review.openstack.org/289957
|
||||
|
||||
liberty:
|
||||
- https://review.openstack.org/289958
|
||||
|
||||
kilo:
|
||||
- https://review.openstack.org/289960
|
||||
|
||||
type: gerrit
|
||||
|
||||
notes:
|
||||
- 'This fix will be included in future 2015.1.3 (kilo) and 12.0.3 (liberty)
|
||||
releases.'
|
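Review bot: The fixed-release statement in `notes` contradicts the kilo bound in `affected-products`: the version line lists "<=2015.1.3" as affected, while the note says the fix will ship in "future 2015.1.3 (kilo)", so 2015.1.3 is described as both vulnerable and fixed. The liberty values are consistent with each other (affected "<=12.0.2", fixed in 12.0.3), which suggests one of the kilo numbers is off by one. Please reconcile them, either by stopping the affected range short of 2015.1.3 or by naming the next kilo release in the note, so that an operator reading the advisory can tell whether a 2015.1.3 deployment still needs the patch.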