It was reported that by overwriting an ephemeral or root disk with a malicious image before requesting a resize, an authenticated user may be able to read arbitrary files from the compute host. Only setups using libvirt driver with raw storage and setting "use_cow_images = False" (not default) are affected. Affected versions: <=2015.1.2, >=12.0.0 <=12.0.2
Acknowledgments: Name: Matthew Booth (Red Hat)
Created attachment 1132693: Master/mitaka patch
Created attachment 1132694: Stable/kilo patch
Created attachment 1132695: Stable/liberty patch
Upstream patches: https://review.openstack.org/289957 (mitaka) https://review.openstack.org/289958 (liberty) https://review.openstack.org/289960 (kilo)
Created openstack-nova tracking bugs for this issue:
Affects: fedora-all [bug 1315891]
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 Via RHSA-2016:0366 https://rhn.redhat.com/errata/RHSA-2016-0366.html
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 Via RHSA-2016:0365 https://rhn.redhat.com/errata/RHSA-2016-0365.html
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 Via RHSA-2016:0364 https://rhn.redhat.com/errata/RHSA-2016-0364.html
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 Via RHSA-2016:0363 https://rhn.redhat.com/errata/RHSA-2016-0363.html
External references: http://seclists.org/oss-sec/2016/q1/563
(In reply to Andrej Nemec from comment #19)
> External references:
>
> http://seclists.org/oss-sec/2016/q1/563

There is an erratum released which concerns these patches.
http://seclists.org/oss-sec/2016/q1/579
(In reply to Andrej Nemec from comment #21)
> (In reply to Andrej Nemec from comment #19)
> > External references:
> >
> > http://seclists.org/oss-sec/2016/q1/563
>
> There is an erratum released which concerns these patches.
>
> http://seclists.org/oss-sec/2016/q1/579

Updated builds correcting this issue have been added to errata.