Your submission was sent successfully! Close

CVE-2014-0134

Published: 8 May 2014

The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.

Priority

Medium

Status

Package Release Status
nova
Launchpad, Ubuntu, Debian 		lucid Does not exist

precise Not vulnerable

quantal Not vulnerable

saucy
Released (1:2013.2.3-0ubuntu1.2)
trusty Does not exist
(trusty was not-affected)
upstream
Released (2013.2.2-4)

Notes

AuthorNote
jdstrand 
1:2013.2.3-0ubuntu1 is now in saucy-updates
introduced in grizzly

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading