Back to bug 1313454
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-03-01 15:55:56 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-03-01 15:55:56 UTC | Doc Type | --- | Bug Fix |
| Adam Mariš | 2016-03-01 15:58:13 UTC | Blocks | 1313456 | |
| Adam Mariš | 2016-03-01 16:47:51 UTC | Depends On | 1312924 | |
| Garth Mollett | 2016-03-01 20:11:51 UTC | CC | gmollett | |
| | | Whiteboard | impact=moderate,public=no,reported=20160301,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,cwe=CWE-200,openstack-5/openstack-nova=new,openstack-6/openstack-nova=new,openstack-7/openstack-nova=new,openstack-8/openstack-nova=new,openstack-rdo/openstack-nova=new,fedora-all/openstack-nova=affected | impact=important,public=no,reported=20160301,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,cwe=CWE-200,openstack-5/openstack-nova=new,openstack-6/openstack-nova=new,openstack-7/openstack-nova=new,openstack-8/openstack-nova=new,openstack-rdo/openstack-nova=new,fedora-all/openstack-nova=affected |
| Garth Mollett | 2016-03-02 07:06:59 UTC | Whiteboard | impact=important,public=no,reported=20160301,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,cwe=CWE-200,openstack-5/openstack-nova=new,openstack-6/openstack-nova=new,openstack-7/openstack-nova=new,openstack-8/openstack-nova=new,openstack-rdo/openstack-nova=new,fedora-all/openstack-nova=affected | impact=important,public=no,reported=20160301,source=redhat,cvss2=7.5/AV:N/AC:M/Au:S/C:C/I:P/A:P,cwe=CWE-200,openstack-5/openstack-nova=affected,openstack-6/openstack-nova=affected,openstack-7/openstack-nova=affected,openstack-8/openstack-nova=affected,openstack-rdo/openstack-nova=affected,fedora-all/openstack-nova=affected |
| Garth Mollett | 2016-03-02 07:07:21 UTC | Depends On | 1313655 | |
| Garth Mollett | 2016-03-02 07:07:33 UTC | Depends On | 1313656 | |
| Garth Mollett | 2016-03-02 07:07:48 UTC | Depends On | 1313657 | |
| Garth Mollett | 2016-03-02 07:08:01 UTC | Depends On | 1313658 | |
| Garth Mollett | 2016-03-02 07:30:00 UTC | CC | mbooth | |
| Adam Mariš | 2016-03-03 09:12:04 UTC | Whiteboard | impact=important,public=no,reported=20160301,source=redhat,cvss2=7.5/AV:N/AC:M/Au:S/C:C/I:P/A:P,cwe=CWE-200,openstack-5/openstack-nova=affected,openstack-6/openstack-nova=affected,openstack-7/openstack-nova=affected,openstack-8/openstack-nova=affected,openstack-rdo/openstack-nova=affected,fedora-all/openstack-nova=affected | impact=important,public=20160308,reported=20160301,source=redhat,cvss2=7.5/AV:N/AC:M/Au:S/C:C/I:P/A:P,cwe=CWE-200,openstack-5/openstack-nova=affected,openstack-6/openstack-nova=affected,openstack-7/openstack-nova=affected,openstack-8/openstack-nova=affected,openstack-rdo/openstack-nova=affected,fedora-all/openstack-nova=affected |
| Tristan Cacqueray | 2016-03-03 19:44:35 UTC | CC | lyarwood | |
| Garth Mollett | 2016-03-07 04:39:22 UTC | Doc Text | A flaw was found in the OpenStack Compute (Nova) resize and, migrate features. An authenticated user can write a malicious qcow header, referencing a block device as a backing file, to an ephemeral or root disk. Upon either resize or migration the content of the filesystem on the specified block device will be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" are affected. | |
| Garth Mollett | 2016-03-07 04:42:44 UTC | Doc Text | A flaw was found in the OpenStack Compute (Nova) resize and, migrate features. An authenticated user can write a malicious qcow header, referencing a block device as a backing file, to an ephemeral or root disk. Upon either resize or migration the content of the filesystem on the specified block device will be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" are affected. | A flaw was found in the OpenStack Compute (Nova) resize and, migrate features. An authenticated user can write a malicious qcow header, referencing a block device as a backing file, to an ephemeral or root disk. Upon either resize or migration the content of the filesystems on the specified block device will be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" are affected. |
| Summer Long | 2016-03-07 04:53:11 UTC | CC | slong | |
| | | Doc Text | A flaw was found in the OpenStack Compute (Nova) resize and, migrate features. An authenticated user can write a malicious qcow header, referencing a block device as a backing file, to an ephemeral or root disk. Upon either resize or migration the content of the filesystems on the specified block device will be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" are affected. | An information-exposure flaw was found in the OpenStack Compute (Nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, the filesystem content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected. |
| Summer Long | 2016-03-07 04:56:22 UTC | Doc Text | An information-exposure flaw was found in the OpenStack Compute (Nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, the filesystem content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected. | An information-exposure flaw was found in the OpenStack Compute (Nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected. |
| Summer Long | 2016-03-07 05:15:02 UTC | Doc Text | An information-exposure flaw was found in the OpenStack Compute (Nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected. | An information-exposure flaw was found in the OpenStack Compute (nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected. |
| Garth Mollett | 2016-03-08 21:50:21 UTC | Summary | EMBARGOED CVE-2016-2140 openstack-nova: Host data leak through resize/migration | CVE-2016-2140 openstack-nova: Host data leak through resize/migration |
| Garth Mollett | 2016-03-08 21:50:28 UTC | Group | security, qe_staff | |
| Garth Mollett | 2016-03-08 21:52:13 UTC | Depends On | 1315890 | |
| Garth Mollett | 2016-03-08 21:52:27 UTC | Depends On | 1315891 | |
| Garth Mollett | 2016-03-08 23:47:56 UTC | Flags | needinfo?(mbooth) | |
| Andrej Nemec | 2016-03-09 08:04:24 UTC | Priority | medium | high |
| | | CC | anemec | |
| | | Severity | medium | high |
| Garth Mollett | 2016-03-10 23:26:11 UTC | Flags | needinfo?(mbooth) | |
| Garth Mollett | 2016-04-13 06:29:03 UTC | Whiteboard | impact=important,public=20160308,reported=20160301,source=redhat,cvss2=7.5/AV:N/AC:M/Au:S/C:C/I:P/A:P,cwe=CWE-200,openstack-5/openstack-nova=affected,openstack-6/openstack-nova=affected,openstack-7/openstack-nova=affected,openstack-8/openstack-nova=affected,openstack-rdo/openstack-nova=affected,fedora-all/openstack-nova=affected | impact=important,public=20160308,reported=20160301,source=redhat,cvss2=7.5/AV:N/AC:M/Au:S/C:C/I:P/A:P,cwe=CWE-200,openstack-5/openstack-nova=affected,openstack-6/openstack-nova=affected,openstack-7/openstack-nova=affected,openstack-8/openstack-nova=notaffected,openstack-rdo/openstack-nova=affected,fedora-all/openstack-nova=affected |
| Garth Mollett | 2016-04-13 06:29:40 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2016-04-13 02:29:40 UTC | |
| Perry Myers | 2016-04-26 23:29:10 UTC | CC | pmyers | |
| Joshua Padman | 2018-09-24 02:12:06 UTC | CC | jjoyce, kbasil, mburns, nova-maint, slinaber | |
| | | Whiteboard | impact=important,public=20160308,reported=20160301,source=redhat,cvss2=7.5/AV:N/AC:M/Au:S/C:C/I:P/A:P,cwe=CWE-200,openstack-5/openstack-nova=affected,openstack-6/openstack-nova=affected,openstack-7/openstack-nova=affected,openstack-8/openstack-nova=notaffected,openstack-rdo/openstack-nova=affected,fedora-all/openstack-nova=affected | impact=important,public=20160308,reported=20160301,source=redhat,cvss2=7.5/AV:N/AC:M/Au:S/C:C/I:P/A:P,cwe=CWE-200,openstack-5/openstack-nova=affected,openstack-6/openstack-nova=affected,openstack-7/openstack-nova=affected,openstack-8/openstack-nova=notaffected,openstack-rdo/openstack-nova=wontfix,fedora-all/openstack-nova=affected |
| Joshua Padman | 2018-09-24 04:03:53 UTC | Whiteboard | impact=important,public=20160308,reported=20160301,source=redhat,cvss2=7.5/AV:N/AC:M/Au:S/C:C/I:P/A:P,cwe=CWE-200,openstack-5/openstack-nova=affected,openstack-6/openstack-nova=affected,openstack-7/openstack-nova=affected,openstack-8/openstack-nova=notaffected,openstack-rdo/openstack-nova=wontfix,fedora-all/openstack-nova=affected | impact=important,public=20160308,reported=20160301,source=redhat,cvss2=7.5/AV:N/AC:M/Au:S/C:C/I:P/A:P,cwe=CWE-200,openstack-5/openstack-nova=affected,openstack-6/openstack-nova=affected,openstack-7/openstack-nova=affected,openstack-8/openstack-nova=notaffected,openstack-rdo/openstack-nova=affected,fedora-all/openstack-nova=affected |
| Product Security DevOps Team | 2019-09-29 13:45:06 UTC | Whiteboard | impact=important,public=20160308,reported=20160301,source=redhat,cvss2=7.5/AV:N/AC:M/Au:S/C:C/I:P/A:P,cwe=CWE-200,openstack-5/openstack-nova=affected,openstack-6/openstack-nova=affected,openstack-7/openstack-nova=affected,openstack-8/openstack-nova=notaffected,openstack-rdo/openstack-nova=affected,fedora-all/openstack-nova=affected |