Bug 884293 (CVE-2012-5625) - CVE-2012-5625 OpenStack Nova: Information leak in libvirt LVM-backed instances
Summary: CVE-2012-5625 OpenStack Nova: Information leak in libvirt LVM-backed instances
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-5625
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 884294
Blocks: 873487 884295
TreeView+ depends on / blocked
 
Reported: 2012-12-05 20:16 UTC by Kurt Seifried
Modified: 2023-05-12 20:28 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-04-23 12:43:11 UTC
Embargoed:


Attachments (Terms of Use)
openstack-nova-CVE-2012-5625.patch (1.85 KB, patch)
2012-12-11 19:19 UTC, Kurt Seifried
no flags Details | Diff
openstack-folsom-nova-CVE-2012-5625.patch (1.85 KB, patch)
2012-12-11 19:20 UTC, Kurt Seifried
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1070539 0 None None None Never
Red Hat Product Errata RHSA-2013:0208 0 normal SHIPPED_LIVE Important: openstack-nova security and bug fix update 2013-01-31 02:04:52 UTC

Description Kurt Seifried 2012-12-05 20:16:45 UTC
Thierry Carrez (thierry) has released information 

Title: Information leak in libvirt LVM-backed instances
Reporter: Eric Windisch (Cloudscaling)
Products: Nova
Affects: Folsom, Grizzly

Description:
Eric Windisch from Cloudscaling reported a vulnerability in libvirt
LVM-backed instances. The physical volume content was not wiped out
before being reallocated and passed to an instance, which may result in
the disclosure of information from previously-allocated logical volumes.
Only setups using libvirt and LVM-backed instances
(libvirt_images_type=lvm) are affected.

This was originally reported by Eric Windisch from Cloudscaling

Comment 2 Kurt Seifried 2012-12-11 18:59:25 UTC
External Reference:

http://lists.openstack.org/pipermail/openstack-announce/2012-December/000059.html

Comment 3 Kurt Seifried 2012-12-11 19:19:40 UTC
Created attachment 661612 [details]
openstack-nova-CVE-2012-5625.patch

Comment 4 Kurt Seifried 2012-12-11 19:20:29 UTC
Created attachment 661613 [details]
openstack-folsom-nova-CVE-2012-5625.patch

Comment 5 Kurt Seifried 2012-12-11 19:41:42 UTC
Acknowledgements:

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Eric Windisch as the original reporter of CVE-2012-5625.

Comment 6 Fedora Update System 2013-01-02 19:10:18 UTC
openstack-nova-2012.2.2-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2013-01-11 23:33:35 UTC
openstack-nova-2012.2.2-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 errata-xmlrpc 2013-01-30 21:07:30 UTC
This issue has been addressed in following products:

  OpenStack Folsom for RHEL 6

Via RHSA-2013:0208 https://rhn.redhat.com/errata/RHSA-2013-0208.html


Note You need to log in before you can comment on or make changes to this bug.