CVE-2015-1851

Published: 25 June 2015

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

Priority

Medium

Status

| Package | Release | Status |
| --- | --- | --- |
| cinder (Launchpad, Ubuntu, Debian) | Upstream | Released (2014.1.5, 2014.2.4, 2015.1.1) |
| cinder | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was not-affected [1:2014.1.5-0ubuntu1]) |

Patches:
Upstream: https://review.openstack.org/191786 (kilo)