Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2015-1851

Published: 25 June 2015

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

Notes

Author	Note
mdeslaur	not going to be fixed before 14.10 goes EoL

Priority

Status

Package	Release	Status
cinder Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was not-affected [1:2014.1.5-0ubuntu1])
	upstream	Released (2014.1.5,2014.2.4,2015.1.1)
	utopic	Ignored (reached end-of-life)
	vivid	Released (1:2015.1.0-0ubuntu1.1)
	Patches: upstream: https://review.openstack.org/191786 (kilo)

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading