Bug 1141996 (CVE-2014-3641)
Summary: | CVE-2014-3641 openstack-cinder: Cinder-volume host data leak to virtual machine instance | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Murray McAllister <mmcallis> | ||||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||||
Severity: | medium | Docs Contact: | |||||||||
Priority: | medium | ||||||||||
Version: | unspecified | CC: | abaron, aortega, apevec, ayoung, chrisw, dallan, eharney, gkotton, gmollett, jrusnack, lhh, lpeer, markmc, rbryant, sclewis, security-response-team, vdanen, yeylon | ||||||||
Target Milestone: | --- | Keywords: | Security | ||||||||
Target Release: | --- | ||||||||||
Hardware: | All | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2014-11-11 00:53:34 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Bug Depends On: | 1148695, 1148696, 1148697, 1149050, 1149051 | ||||||||||
Bug Blocks: | 1141997 | ||||||||||
Attachments: |
|
Description
Murray McAllister
2014-09-16 01:02:48 UTC
Created attachment 942918 [details]
upstream patch for juno
Created attachment 942919 [details]
upstream patch for icehouse
Created attachment 942920 [details]
upstream patch to fix an issue (caused by the previously attached patch) in the Windows Smbfs volume driver
This issue is public now: http://seclists.org/oss-sec/2014/q4/78 https://review.openstack.org/125671 https://review.openstack.org/125710 Created openstack-cinder tracking bugs for this issue: Affects: fedora-all [bug 1149051] openstack-cinder-2014.1.3-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: OpenStack 5 for RHEL 7 Via RHSA-2014:1788 https://rhn.redhat.com/errata/RHSA-2014-1788.html This issue has been addressed in the following products: OpenStack 5 for RHEL 6 Via RHSA-2014:1787 https://rhn.redhat.com/errata/RHSA-2014-1787.html |