Bug 970258 - (CVE-2016-2140) VUL-0: CVE-2016-2140: openstack-nova: Host data leak through resize/migration
(CVE-2016-2140)
VUL-0: CVE-2016-2140: openstack-nova: Host data leak through resize/migration
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Cloud Bugs
Security Team bot
https://smash.suse.de/issue/162864/
CVSSv2:RedHat:CVE-2016-2140:7.5:(AV:N...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-03-09 10:47 UTC by Victor Pereira
Modified: 2017-08-04 09:03 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2016-03-09 10:47:13 UTC
rh#1313454

It was reported that by overwriting an ephemeral or root disk with a malicious image before requesting a resize, an authenticated user may be able to read arbitrary files from the compute host. Only setups using libvirt driver with raw storage and setting "use_cow_images = False" (not default) are affected.

Affected versions: <=2015.1.2, >=12.0.0 <=12.0.2

Upstream patches:

https://review.openstack.org/289957 (mitaka)
https://review.openstack.org/289958 (liberty)
https://review.openstack.org/289960 (kilo)

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1313454
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2140
http://seclists.org/oss-sec/2016/q1/563
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2140.html
https://rhn.redhat.com/errata/RHSA-2016-0366.html
https://rhn.redhat.com/errata/RHSA-2016-0365.html
https://rhn.redhat.com/errata/RHSA-2016-0364.html
https://rhn.redhat.com/errata/RHSA-2016-0363.html
Comment 1 Swamp Workflow Management 2016-03-09 23:00:14 UTC
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2016-08-23 19:14:50 UTC
SUSE-SU-2016:2143-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (low)
Bug References: 970258,982426,983807,984442,984443,988729
CVE References: CVE-2016-2140,CVE-2016-4428,CVE-2016-5362,CVE-2016-5363
Sources used:
SUSE OpenStack Cloud 6 (src):    openstack-ceilometer-5.0.4~a0~dev6-6.1, openstack-ceilometer-doc-5.0.4~a0~dev6-6.2, openstack-cinder-7.0.3~a0~dev2-7.1, openstack-cinder-doc-7.0.3~a0~dev2-7.1, openstack-dashboard-8.0.2~a0~dev34-8.1, openstack-glance-11.0.2~a0~dev13-7.1, openstack-glance-doc-11.0.2~a0~dev13-7.1, openstack-heat-5.0.2~a0~dev93-9.1, openstack-heat-doc-5.0.2~a0~dev93-9.3, openstack-keystone-8.1.1~a0~dev13-3.1, openstack-keystone-doc-8.1.1~a0~dev13-3.2, openstack-manila-1.0.2~a0~dev11-9.1, openstack-manila-doc-1.0.2~a0~dev11-9.2, openstack-neutron-7.1.2~a0~dev29-10.1, openstack-neutron-doc-7.1.2~a0~dev29-10.1, openstack-neutron-fwaas-7.1.2~a0~dev1-6.1, openstack-neutron-fwaas-doc-7.1.2~a0~dev1-6.1, openstack-neutron-lbaas-7.1.2~a0~dev1-6.1, openstack-neutron-lbaas-doc-7.1.2~a0~dev1-6.1, openstack-nova-12.0.5~a0~dev2-7.1, openstack-nova-doc-12.0.5~a0~dev2-7.1, openstack-resource-agents-1.0+git.1467079370.4f2c49d-7.1, python-networking-cisco-2.1.1-6.1, python-openstackclient-1.7.2-4.1
Comment 3 Johannes Segitz 2017-08-04 09:03:07 UTC
fixed in current products