openstack-rdo tracking bug for openstack-nova: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. [bug automatically created by: add-tracking-bugs]
*** Bug 961135 has been marked as a duplicate of this bug. ***
This is already fixed in Icehouse-2 and will be included in Havana in the 2013.2.2 rebase.
CLOSING this is already fixed in Havana and IceHouse. The fix is in in IceHouse ---------------------------------------------------------------------------- $ git branch * (detached from origin/el6-havana) el6 $ git log | grep 70b47d2a27a7b49c221ce096334ceaf542133d43 -A6 commit 70b47d2a27a7b49c221ce096334ceaf542133d43 Author: Xavier Queralt <xqueralt> Date: Fri Nov 29 08:52:47 2013 +0100 Ensure we don't boot oversized images Resolves: CVE-2013-0326 kashyap@el6$ ------------------------------------------------------------------------------- Since this is a CVE fix, I also manually compared by checking sources: $ wget https://repos.fedorapeople.org/repos/openstack/openstack-havana/epel-6/openstack-nova-2013.2.2-1.el6.src.rpm $ rpm2cpio openstack-nova-2013.2.2-1.el6.src.rpm | cpio --extract --make-directories Then, compare the source with the upstream commit FIX: --------------- https://review.openstack.org/#/c/54767/ commit f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30 Author: Pádraig Brady <pbrady> Date: Fri Sep 27 04:07:14 2013 +0100 ensure we don't boot oversized images ---------------