Bug 902629 (CVE-2013-0208)
Summary: | CVE-2013-0208 openstack-nova: Boot from volume allows access to random volumes | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> | ||||||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||||||
Severity: | high | Docs Contact: | |||||||||||
Priority: | high | ||||||||||||
Version: | unspecified | CC: | apevec, cvsbot-xmlrpc, jrusnack, markmc, ndipanov, pbrady, rbryant, security-response-team, ykaul | ||||||||||
Target Milestone: | --- | Keywords: | Security | ||||||||||
Target Release: | --- | ||||||||||||
Hardware: | All | ||||||||||||
OS: | Linux | ||||||||||||
Whiteboard: | |||||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||||
Doc Text: | Story Points: | --- | |||||||||||
Clone Of: | Environment: | ||||||||||||
Last Closed: | 2013-04-23 12:54:59 UTC | Type: | --- | ||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||
Documentation: | --- | CRM: | |||||||||||
Verified Versions: | Category: | --- | |||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
Embargoed: | |||||||||||||
Bug Depends On: | 903034, 903035 | ||||||||||||
Bug Blocks: | 902643 | ||||||||||||
Attachments: |
|
Description
Kurt Seifried
2013-01-22 06:17:22 UTC
Created attachment 684893 [details]
essex-CVE-2013-0208-1069904.patch
Created attachment 684894 [details]
folsom-CVE-2013-0208-1069904.patch
Created attachment 687206 [details]
essex-CVE-2013-0208-1069904-v2.patch
Created attachment 687207 [details]
folsom-CVE-2013-0208-1069904-v2.patch
Updated patches have been released, the old ones are incorrect and should not be used, I have marked them as obsolete. Acknowledgements: Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Phil Day as the original reporter. This is now public: https://bugs.launchpad.net/nova/+bug/1069904 Are there Fedora tracking bugs for this (Fedora 17 for essex, and Fedora 18/EPEL6 for Folsom) This issue has been addressed in following products: OpenStack Folsom for RHEL 6 Via RHSA-2013:0208 https://rhn.redhat.com/errata/RHSA-2013-0208.html |