Red Hat Bugzilla – Bug 884293
CVE-2012-5625 OpenStack Nova: Information leak in libvirt LVM-backed instances
Last modified: 2016-04-26 10:05:13 EDT
Thierry Carrez (firstname.lastname@example.org) has released information
Title: Information leak in libvirt LVM-backed instances
Reporter: Eric Windisch (Cloudscaling)
Affects: Folsom, Grizzly
Eric Windisch from Cloudscaling reported a vulnerability in libvirt
LVM-backed instances. The physical volume content was not wiped out
before being reallocated and passed to an instance, which may result in
the disclosure of information from previously-allocated logical volumes.
Only setups using libvirt and LVM-backed instances
(libvirt_images_type=lvm) are affected.
This was originally reported by Eric Windisch from Cloudscaling
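The reuse problem described in the advisory above, as an added toy model that is not part of the bug report and is not Nova or LVM code: storage freed by one instance is handed to the next, with and without a wipe in between. `VolumeGroup`, `residual_bytes` and `reallocate` are hypothetical names, the extent size and instance data are constructed, and wiping at release is this model's assumption about where the wipe happens.

```python
EXTENT = 16  # bytes per extent in this toy model (constructed value)


class VolumeGroup:
    """Toy volume group: one shared 'physical volume' split into extents."""
    def __init__(self, extents, wipe_on_release):
        self.disk = bytearray(extents * EXTENT)
        self.free = list(range(extents))   # free extent indexes
        self.volumes = {}                  # volume name -> extent indexes
        self.wipe_on_release = wipe_on_release

    def create(self, name, extents):
        if extents > len(self.free):
            raise ValueError("volume group is full")
        # Allocation only updates bookkeeping; extent contents are untouched.
        self.volumes[name], self.free = self.free[:extents], self.free[extents:]

    def write(self, name, data):
        if len(data) > len(self.volumes[name]) * EXTENT:
            raise ValueError("write exceeds volume size")
        for i, ext in enumerate(self.volumes[name]):
            chunk = data[i * EXTENT:(i + 1) * EXTENT]
            self.disk[ext * EXTENT:ext * EXTENT + len(chunk)] = chunk

    def read(self, name):
        return b"".join(bytes(self.disk[e * EXTENT:(e + 1) * EXTENT])
                        for e in self.volumes[name])

    def remove(self, name):
        extents = self.volumes.pop(name)
        if self.wipe_on_release:           # mitigation: zero before reuse
            for ext in extents:
                self.disk[ext * EXTENT:(ext + 1) * EXTENT] = bytes(EXTENT)
        self.free = extents + self.free    # freed extents are reused first


def residual_bytes(vg, name):
    """Count non-zero bytes in a volume its new owner has not written to."""
    return sum(1 for b in vg.read(name) if b)


def reallocate(wipe_on_release):
    """Instance A writes and is deleted; instance B then gets a new volume."""
    vg = VolumeGroup(extents=4, wipe_on_release=wipe_on_release)
    vg.create("instance-a", 2)
    vg.write("instance-a", b"tenant-A private key material")  # constructed
    vg.remove("instance-a")
    vg.create("instance-b", 2)
    return vg.read("instance-b"), residual_bytes(vg, "instance-b")
```

`reallocate(False)` returns instance A's bytes through instance B's untouched volume; `reallocate(True)` returns only zeros.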
Created attachment 661612
Created attachment 661613
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Eric Windisch as the original reporter of CVE-2012-5625.
openstack-nova-2012.2.2-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
openstack-nova-2012.2.2-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:
OpenStack Folsom for RHEL 6
Via RHSA-2013:0208 https://rhn.redhat.com/errata/RHSA-2013-0208.html