PT-2016-3669 · Openstack +2 · Openstack Nova +4
Name of the Vulnerable Software and Affected Versions: OpenStack Cinder versions 7.0.0 through 7.0.1 and 8.0.0 through 8.1.1 and prior to 9.0.0; OpenStack Glance versions prior to 11.0.1 and 12.0.0 and prior to 14.0.0; OpenStack Nova versions prior to 12.0.4 and 13.0.0. Description: The image parser...
OpenStack Nova Denial of Service Vulnerability (CNVD-2016-08221)
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration and Rackspace, Inc. in the U.S. OpenStack Nova, written in Python, is one of its cloud computing fabric controllers and is part of the IaaS system. A denial of service vulnerability...
SUSE-SU-2016:2325-1 Security update for openstack-keystone, openstack-nova, and openstack-swift
This update for openstack-keystone, openstack-nova, and openstack-swift fixes the following issues: - Fix hybrid backend from keystone v3 bsc967356 - Fix cleanup when block migration fails bsc960015 - Avoid host data leak bsc960601, CVE-2015-7548 - Fix init script for openstack-swift-object-expir...
IBM PowerVC Information Disclosure Vulnerability (CNVD-2016-05956)
IBM PowerVC is a suite of virtualization management solutions. IBM PowerVC is affected by the OpenStack Nova information disclosure vulnerability. A local attacker can exploit the vulnerability to read arbitrary files from the host via qcow2 support for file overwrite image conversion...
DEBIAN-CVE-2016-2140
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk...
UBUNTU-CVE-2016-2140
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk...
openstack-nova: Host data leak through resize/migration
An information-exposure flaw was found in the OpenStack Compute (nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content o...
openstack-nova: Host data leak through resize/migration
An information-exposure flaw was found in the OpenStack Compute (nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content o...
Important: Red Hat Security Advisory: openstack-nova security update
Updated openstack-nova packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which gi...
openstack-nova: Host data leak through resize/migration
An information-exposure flaw was found in the OpenStack Compute (nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content o...
DEBIAN-CVE-2015-8749
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading l...
UBUNTU-CVE-2015-8749
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading l...
openstack-nova: Unprivileged API user can access host data using instance snapshot
A flaw was discovered in the OpenStack Compute (nova) snapshot feature when using the libvirt driver. A compute user could overwrite an attached instance disk with a malicious header specifying a backing file, and then request a snapshot, causing a file from the compute host to be leaked. This flaw...
openstack-nova: network security group changes are not applied to running instances
A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances...
openstack-nova: Unprivileged API user can access host data using instance snapshot
A flaw was discovered in the OpenStack Compute (nova) snapshot feature when using the libvirt driver. A compute user could overwrite an attached instance disk with a malicious header specifying a backing file, and then request a snapshot, causing a file from the compute host to be leaked. This flaw...
openstack-nova: network security group changes are not applied to running instances
A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances...
OpenStack Nova Local Information Disclosure Vulnerability (CNVD-2015-08535)
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration and Rackspace, Inc. in the U.S. OpenStack Nova, written in Python, is one of its cloud computing fabric controllers and is part of the IaaS system. A local information disclosure...
openstack-nova: network security group changes are not applied to running instances
A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances...
SUSE-SU-2015:2220-1 Security update for openstack-nova and openstack-neutron
This update for openstack-nova and openstack-neutron provides various fixes and improvements. openstack-nova: - Fix instance filtering. bsc927625 - Remove error messages from multipath command output before parsing. bsc949529 - Fix live-migration usage of the wrong connector information. - Added...
SUSE-SU-2015:2219-1 Security update for openstack-nova
This update for openstack-nova provides various fixes and improvements: - Fix regression where launched instances in tenants not visible for other users. bsc927625 - Remove error messages from multipath command output before parsing. bsc949529 - Fix live-migration usage of the wrong connector...