Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 10 Mar 2016 02:39:26 +0000
From: Tristan Cacqueray <tdecacqu@...hat.com>
To: oss-security@...ts.openwall.com
Subject: [OSSA 2016-007.1] Nova host data leak through resize/migration
 (CVE-2016-2140) ERRATA

=============================================================
OSSA-2016-007.1: Nova host data leak through resize/migration
=============================================================

:Date: March 08, 2016
:CVE: CVE-2016-2140


Affects
~~~~~~~
- Nova: <=2015.1.3, >=12.0.0 <=12.0.2


Description
~~~~~~~~~~~
Matthew Booth from Red Hat reported a vulnerability in Nova instance
resize/migration. By overwriting an ephemeral or root disk with a
malicious image before requesting a resize, an authenticated user may
be able to read arbitrary files from the compute host. Only setups
using libvirt driver with raw storage and setting "use_cow_images =
False" (not default) are affected.


Errata
~~~~~~
The former fix did not take into account the usage of non-disk-image
backends and caused a regression for this use-case. This update
provides an additional fix for that issue.


Patches
~~~~~~~
- https://review.openstack.org/289960 - original (Kilo)
- https://review.openstack.org/290847 - errata   (Kilo)
- https://review.openstack.org/289958 - original (Liberty)
- https://review.openstack.org/290843 - errata   (Liberty)
- https://review.openstack.org/289957 - original (Mitaka)
- https://review.openstack.org/290715 - errata   (Mitaka)


Credits
~~~~~~~
- Matthew Booth from Red Hat (CVE-2016-2140)


References
~~~~~~~~~~
- https://bugs.launchpad.net/bugs/1548450
- https://bugs.launchpad.net/bugs/1555287
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2140


OSSA History
~~~~~~~~~~~~
- 2016-03-09 - Errata 1
- 2016-03-08 - Original Version


--
Tristan Cacqueray
OpenStack Vulnerability Management Team


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ