OpenStack Security Advisory: 2014-003 CVE: CVE-2013-7130 Date: January 23, 2014
Title: Live migration can leak root disk into ephemeral storage Reporter: Loganathan Parthipan (HP) Products: Nova Affects: All supported versions Description: Loganathan Parthipan from Hewlett Packard reported a vulnerability in the Nova libvirt driver. By spawning a server with the same flavor as another user's migrated virtual machine, an authenticated user can potentially access that user's snapshot content resulting in information leakage. Only setups using KVM live block migration are affected. Icehouse (development branch) fix: https://review.openstack.org/#/c/68658/ Havana (development branch) fix: https://review.openstack.org/#/c/68659/ Grizzly fix: https://review.openstack.org/#/c/68660/ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7130 https://bugs.launchpad.net/nova/+bug/1251590 -- Grant Murphy OpenStack Vulnerability Management Team
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
