Security Bulletin: OpenStack Cinder/Glance/Nova vulnerabilities affect IBM Cloud Manager with OpenStack (CVE-2015-5162)

Summary

IBM Cloud Manager has addressed vulnerabilities in OpenStack Nova/Glance/Cinder.

Vulnerability Details

CVEID: CVE-2015-5162**
DESCRIPTION:** OpenStack Cinder, Glance and Nova are vulnerable to a denial of service, caused by the failure to limit qemu-img calls by the image parser. By using a specially-crafted disk image, a remote authenticated attacker could exploit this vulnerability to consume all available disk space.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118290 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM Cloud Manager with OpenStack 4.3.0 through 4.3.0.7
IBM Cloud Manager with OpenStack 4.1.0 through 4.1.0.5

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM Cloud Manager with OpenStack| 4.3.0| None| IBM Cloud Manager with Openstack 4.3 for fix pack 7:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.3.0.7-IBM-CMWO-FP07&source=SAR&function=fixId&parent=ibm/Other%20software
IBM Cloud Manager with OpenStack| 4.1.0| None| IBM Cloud Manager with Openstack 4.1 interim fix 6 for fix pack 5:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.1.0.5-IBM-CMWO-IF006&source=SAR&function=fixId&parent=ibm/Other

Workarounds and Mitigations

None