Package: nova
Version: 2013.1.3-2
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

So here is one more of the CVEs not checked yet from security-tracker. Wheezy does not seem affected by this.

The following vulnerability was published for nova.

CVE-2013-7048[0]:
Nova live snapshots use an insecure local directory

Daniel Berrange from Red Hat reported that the directories used to temporarily store live snapshots on Nova compute nodes were writeable to all local users. A local attacker with shell access on compute nodes could therefore read and modify the contents of live snapshots before those are uploaded to the image service.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7048
    http://security-tracker.debian.org/tracker/CVE-2013-7048
[1] https://bugs.launchpad.net/nova/+bug/1227027

Regards,
Salvatore
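
The permission problem described in the report, as an added example that is not part of the original message and is not Nova's code: an audit that flags a snapshot staging directory other local users can write to or list, next to a working directory created with owner-only access. The function names and the "snap-" prefix are assumptions, and the directories are constructed in a throwaway temporary location.

```python
import os
import stat
import tempfile


def audit_dir(path):
    """Return permission findings for a directory holding sensitive temp data."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted at this path
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink"]
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable")   # any local user can add or replace files
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    if mode & stat.S_IROTH:
        findings.append("world-readable")   # any local user can list the contents
    if st.st_uid != os.geteuid():
        findings.append("owned by another uid")
    return findings


def audit_tree(root):
    """Audit root and all subdirectories; return {path: findings} for bad ones."""
    report = {}
    for dirpath, _dirnames, _files in os.walk(root):
        findings = audit_dir(dirpath)
        if findings:
            report[dirpath] = findings
    return report


def make_private_workdir(parent):
    """Create a per-snapshot working directory; mkdtemp creates it with mode 0700."""
    return tempfile.mkdtemp(prefix="snap-", dir=parent)


def demo():
    """Build one weak and one private directory (constructed) and audit both."""
    with tempfile.TemporaryDirectory() as base:
        weak = os.path.join(base, "weak")
        os.mkdir(weak)
        os.chmod(weak, 0o777)  # constructed stand-in for a directory open to all users
        private = make_private_workdir(base)
        return audit_dir(weak), audit_dir(private), audit_tree(base)


if __name__ == "__main__":
    print(demo())
```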