Thierry Carrez (thierry) has released information

Title: Information leak in libvirt LVM-backed instances
Reporter: Eric Windisch (Cloudscaling)
Products: Nova
Affects: Folsom, Grizzly

Description:
Eric Windisch from Cloudscaling reported a vulnerability in libvirt LVM-backed instances. The physical volume content was not wiped out before being reallocated and passed to an instance, which may result in the disclosure of information from previously-allocated logical volumes. Only setups using libvirt and LVM-backed instances (libvirt_images_type=lvm) are affected.

This was originally reported by Eric Windisch from Cloudscaling
External Reference: http://lists.openstack.org/pipermail/openstack-announce/2012-December/000059.html
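The reuse problem described in the advisory, as an added example that is not part of this bug report, the attached patches or Nova's code: a toy in-memory volume group showing that allocation only changes metadata, so a new volume reads the previous owner's bytes unless extents are zeroed before reuse. The `VolumeGroup` class, the extent size, the reuse order and the tenant names are constructed for illustration, and zeroing on delete is an assumed mitigation, not a description of the actual fix.

```python
EXTENT = 16  # bytes per extent (constructed; real LVM extents are megabytes)


class VolumeGroup:
    """Toy fixed pool of extents (added illustration, not Nova or LVM code)."""

    def __init__(self, extents, wipe_on_delete):
        self.disk = bytearray(extents * EXTENT)   # the physical volume
        self.free = list(range(extents))          # free extent indexes
        self.volumes = {}                         # name -> extent indexes
        self.wipe_on_delete = wipe_on_delete

    def create(self, name, extents):
        if extents > len(self.free):
            raise ValueError("volume group is full")
        # Allocation only updates metadata; extent contents are untouched.
        self.volumes[name] = [self.free.pop(0) for _ in range(extents)]

    def write(self, name, data):
        if len(data) > len(self.volumes[name]) * EXTENT:
            raise ValueError("data larger than volume")
        for i, ext in enumerate(self.volumes[name]):
            chunk = data[i * EXTENT:(i + 1) * EXTENT]
            self.disk[ext * EXTENT:ext * EXTENT + len(chunk)] = chunk

    def read(self, name):
        return b"".join(bytes(self.disk[e * EXTENT:(e + 1) * EXTENT])
                        for e in self.volumes[name])

    def delete(self, name):
        extents = self.volumes.pop(name)
        if self.wipe_on_delete:
            for ext in extents:                   # zero before returning to pool
                self.disk[ext * EXTENT:(ext + 1) * EXTENT] = bytes(EXTENT)
        self.free = extents + self.free           # assumed: freed extents reused first


def residual_after_reuse(wipe_on_delete):
    """Bytes a second tenant can read from a volume it never wrote to."""
    vg = VolumeGroup(extents=4, wipe_on_delete=wipe_on_delete)
    vg.create("tenant-a-disk", 2)
    vg.write("tenant-a-disk", b"constructed-secret-of-tenant-a")
    vg.delete("tenant-a-disk")
    vg.create("tenant-b-disk", 2)                 # lands on the same extents
    return vg.read("tenant-b-disk").rstrip(b"\0")


if __name__ == "__main__":
    print({wipe: residual_after_reuse(wipe) for wipe in (False, True)})
```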
Created attachment 661612 openstack-nova-CVE-2012-5625.patch
Created attachment 661613 openstack-folsom-nova-CVE-2012-5625.patch
Acknowledgements: Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Eric Windisch as the original reporter of CVE-2012-5625.
openstack-nova-2012.2.2-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
openstack-nova-2012.2.2-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:

OpenStack Folsom for RHEL 6

Via RHSA-2013:0208 https://rhn.redhat.com/errata/RHSA-2013-0208.html