Bug 1040786 (CVE-2013-7048)
Summary: | CVE-2013-7048 Openstack Nova: insecure directory permissions in snapshots | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Ratul Gupta <ratulg> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | akscram, alexander.sakhnov, aortega, apevec, apevec, ayoung, bfilippov, breu, chrisw, d.busby, gkotton, gmollett, iheim, itamar, Jan.van.Eldik, jonathansteffan, jose.castro.leon, kseifried, lhh, lpeer, markmc, mlvov, mmagr, mmcallis, ndipanov, p, rbryant, rhos-maint, sclewis, sdake, security-response-team, sradvan, yeylon |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-07-15 07:10:11 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1040788, 1040789, 1063634, 1063636, 1063637 | ||
Bug Blocks: | 1023240, 1040792 |
Description
Ratul Gupta
2013-12-12 06:25:49 UTC
Created openstack-nova tracking bugs for this issue: Affects: fedora-all [bug 1040788] Affects: epel-6 [bug 1040789] Fix information: Icehouse (development branch) fix: https://review.openstack.org/#/c/58852/ Havana fix: https://review.openstack.org/#/c/60548/ Grizzly fix: https://review.openstack.org/#/c/60550/ Salvatore Bonaccorso noted in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732022 "From https://wiki.openstack.org/wiki/ReleaseNotes/2013.2.2 and looking at nova/virt/libvirt/driver.py this looks it is fixed only in 2013.2.2." Is that a concern for anything Red Hat ships? openstack-nova-2013.2.2-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in following products: OpenStack 4 for RHEL 6 Via RHSA-2014:0231 https://rhn.redhat.com/errata/RHSA-2014-0231.html openstack-nova-2013.1.5-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in following products: OpenStack 3 for RHEL 6 Via RHSA-2014:0366 https://rhn.redhat.com/errata/RHSA-2014-0366.html |