-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 OpenStack Security Advisory: 2013-029 CVE: CVE-2013-4463, CVE-2013-4469 Date: October 31, 2013 Title: Potential Nova denial of service through compressed disk images Reporter: Bernhard M. Wiedemann (SUSE) & Pádraig Brady (Red Hat) Products: Nova Affects: All versions Description: Bernhard M. Wiedemann from SUSE reported a vulnerability in Nova's control of the size of disk images. By using malicious compressed qcow2 disk images, an authenticated user may consume large amounts of disk space for each image, potentially resulting in a Denial of Service attack on Nova compute nodes (CVE-2013-4463). While fixing this issue, Pádraig Brady from Red Hat additionally discovered that OSSA 2013-012 did not fully address CVE-2013-2096 in the non-default case where use_cow_images=False, and malicious qcow images are being transferred from Glance. In that specific case, an authenticated user could still consume large amounts of disk space for each instance using the malicious image, potentially also resulting in a Denial of Service attack on Nova compute nodes (CVE-2013-4469). The provided fixes address both issues. Icehouse (development branch) fix: https://review.openstack.org/54765 Havana fix: https://review.openstack.org/54767 Grizzly fix: https://review.openstack.org/54768 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4463 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4469 https://bugs.launchpad.net/nova/+bug/1206081 Regards, - -- Thierry Carrez OpenStack Vulnerability Management Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJScomUAAoJEFB6+JAlsQQjKf8QALc4olBe4QHSUg+1Zxa2vPSI +w8Mn6g3rU1CgDRnTmIeGMJaDy3ph7yyKbAiEWkv4wa4/HzJ4/fh79fu6C5kl9WN A5wJUyhb1G2lMb1gMylnMoF4G/ei//dplnAqtht+kbiuqmbwhAs+MqMnOVqJwdrJ QJIV7d9wNUD2SVDPMc1GEN9AFKHncuSHmI1UF5JQ1T8t5lhp8lo//0Vh8YiG6bCu l9vvU4jJhuyfY7ehneMt4aLS6rLEMKg0o//yZ48+mBv8/i7WWSn2k+O3o7k3uv5r AOfT7Q9fliQEjnuGvJdQieyGpCWJRvxWUZtApmjnt+yK/QW4w8OvP1S7grrA/hmN HDewR4UVORDCTw1rU9inHu0tWUQ63T1JSdj7jqLfZLuYZXcILn0qS6Wm7yeZqEit SRsA0wbEz22ArfFhJW1FvC80dpeue8KyeKPfsAM5tX70Fa3GubgTf88dXjc8Dpgv xAmbvoF/1c3PmxsBiWG0sj44Sai82C/7YNedIyPdipGx9sX9rLHr1e9ZXmsNHED6 IT468mBedxcal8gNafHRJ/fr1OHVNCkapSOtIzZbHilYkwIFSFbT4VN2cgGstDfw p60O59nc8jzl03vXtJ8Sata567VsxEM3b2g619hJDz8XLBqhmqoQKESqRS/b7veV fP0hzFkhlAIwib9Ybb47 =s1nm -----END PGP SIGNATURE-----