Bugzilla – Bug 847648
VUL-0: CVE-2013-4463: openstack-nova: ensure we don't boot oversized images
Last modified: 2014-01-28 15:04:41 UTC
bugbot adjusting priority
CVE-2013-4469 was also added, new description: Bernhard M. Wiedemann from SUSE reported a vulnerability in Nova's control of the size of disk images. By using malicious compressed qcow2 disk images, an authenticated user may consume large amounts of disk space for each image, potentially resulting in a Denial of Service attack on Nova compute nodes (CVE-2013-4463). While fixing this issue, P=C3= =A1draig Brady from Red Hat additionally discovered that OSSA 2013-012 did = not fully address CVE-2013-2096 in the non-default case where use_cow_image= s=3DFalse, and malicious qcow images are being transferred from Glance. In = that specific case, an authenticated user could still consume large amounts= of disk space for each instance using the malicious image, potentially als= o resulting in a Denial of Service attack on Nova compute nodes (CVE-2013-4= 469). The provided fixes address both issues.
now public. OpenStack Security Advisory: 2013-029 CVE: CVE-2013-4463, CVE-2013-4469 Date: October 31, 2013 Title: Potential Nova denial of service through compressed disk images Reporter: Bernhard M. Wiedemann (SUSE) & Pádraig Brady (Red Hat) Products: Nova Affects: All versions Description: Bernhard M. Wiedemann from SUSE reported a vulnerability in Nova's control of the size of disk images. By using malicious compressed qcow2 disk images, an authenticated user may consume large amounts of disk space for each image, potentially resulting in a Denial of Service attack on Nova compute nodes (CVE-2013-4463). While fixing this issue, Pádraig Brady from Red Hat additionally discovered that OSSA 2013-012 did not fully address CVE-2013-2096 in the non-default case where use_cow_images=False, and malicious qcow images are being transferred from Glance. In that specific case, an authenticated user could still consume large amounts of disk space for each instance using the malicious image, potentially also resulting in a Denial of Service attack on Nova compute nodes (CVE-2013-4469). The provided fixes address both issues. Icehouse (development branch) fix: https://review.openstack.org/54765 Havana fix: https://review.openstack.org/54767 Grizzly fix: https://review.openstack.org/54768 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4463 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4469 https://bugs.launchpad.net/nova/+bug/1206081 Regards, - -- Thierry Carrez OpenStack Vulnerability Management Team
Sascha: here are the latest security issues we have.
The SWAMPID for this issue is 55537. This issue was rated as moderate. Please submit fixed packages until 2013-12-31. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Update released for: openstack-nova, openstack-nova-api, openstack-nova-cells, openstack-nova-cert, openstack-nova-compute, openstack-nova-conductor, openstack-nova-console, openstack-nova-consoleauth, openstack-nova-network, openstack-nova-novncproxy, openstack-nova-objectstore, openstack-nova-scheduler, openstack-nova-test, openstack-nova-vncproxy, openstack-nova-volume, python-nova Products: SUSE-CLOUD 2.0 (x86_64)
SUSE-SU-2014:0149-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 847648,848825 CVE References: CVE-2013-4463,CVE-2013-4497 Sources used: SUSE Cloud 2.0 (src): openstack-nova-2013.1.5.a17.g4655df1-0.7.1