CVE-2013-2096

Publication date 16 May 2013

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.

Read the notes from the security team

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
nova 13.04 raring
Fixed 1:2013.1-0ubuntu2.1
12.10 quantal
Fixed 2012.2.3-0ubuntu2.1
12.04 LTS precise
Fixed 2012.1.3+stable-20130423-e52e6912-0ubuntu1.1
10.04 LTS lucid Not in release

Notes

jdstrand

the patch for this introduced a regression on Folsom. This was not introduced in the 12.04 LTS backport and was fixed in 2012.2.3-0ubuntu2.2 on Ubuntu 12.10

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
nova

References

Related Ubuntu Security Notices (USN)

    • USN-1831-1
    • OpenStack Nova vulnerability
    • 16 May 2013

Other references