Date: Fri, 21 Mar 2014 14:37:35 +1000 From: Grant Murphy <gmurphy@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request for vulnerability in OpenStack Nova A vulnerability was discovered in OpenStack (see below). In order to ensure full traceability, we need a CVE number assigned that we can attach to further notifications. This issue is already public, although an advisory was not sent yet. Title: Nova VMWare driver leaks rescued images Reporter: Jaroslav Henner (Red Hat) Products: Nova Versions: 2013.2 to 2013.2.2 Description: Jaroslav Henner from Red Hat reported a vulnerability in Nova. By requesting Nova place an image into rescue, then deleting the image, an authenticated user my exceed their quota. This can result in a denial of service via excessive resource consumption. Only setups using the Nova VMWare driver are affected. References: https://bugs.launchpad.net/nova/+bug/1269418 Thanks in advance, -- Grant Murphy OpenStack Vulnerability Management Team Download attachment "signature.asc" of type "application/pgp-signature" (231 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ