Comment 12 for bug 1177830

Michael Still (mikal) wrote : Re: Unchecked qcow2 root disk sizes

Hi. So, it seems that we don't have a Folsom patch yet? Is anyone working on that? I also propose the following advisory. What do people think?

*****

OpenStack Security Advisory: 2013-XXX
CVE: Not yet assigned
Date: May 14, 2013
Title: Nova fails to verify image virtual size
Reporter: Loganathan Parthipan
Products: Nova
Affects: All versions

Loganathan Parthipan publicly reported a vulnerability in Nova. Nova did not
implement checking for the virtual size of a qcow2 image used as ephemeral
storage for instances. It is therefore possible for a user to create an image
which has a large virtual size, but little data. Once the instance is created,
the user can then proceed to fill the virtual disk, and consume all available
disk on the host node filesystem.

Havana (development branch) fix:
https://review.openstack.org/28717

Grizzly fix:
https://review.openstack.org/28901

Folsom fix:
No patch yet

References:
https://bugs.launchpad.net/keystone/+bug/1177830
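
The check the advisory describes as missing, as an added example that is not part of the original comment and is not Nova's actual patch: read the virtual size declared in the qcow2 header and compare it with the flavor's root disk size before the image is used. The names `check_root_disk`, `flavor_root_gb` and `make_header` are hypothetical, the sample headers are constructed, and a flavor GB is assumed to mean GiB.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
# Start of the big-endian qcow2 header: magic, version, backing_file_offset,
# backing_file_size, cluster_bits, size (virtual disk size in bytes).
HEADER = struct.Struct(">4sIQIIQ")
GIB = 1024 ** 3


class ImageTooLarge(Exception):
    """The image declares a virtual disk larger than the flavor allows."""


def qcow2_virtual_size(header_bytes):
    """Return the virtual size in bytes declared in a qcow2 header."""
    if len(header_bytes) < HEADER.size:
        raise ValueError("truncated qcow2 header")
    magic, version, _, _, _, size = HEADER.unpack_from(header_bytes)
    if magic != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    if version not in (2, 3):
        raise ValueError("unsupported qcow2 version %d" % version)
    return size


def check_root_disk(header_bytes, flavor_root_gb):
    """Reject an image whose virtual size exceeds the flavor's root disk."""
    virtual = qcow2_virtual_size(header_bytes)
    if virtual > flavor_root_gb * GIB:  # assumption: flavor GB means GiB
        raise ImageTooLarge("virtual size %d bytes exceeds %d GB root disk"
                            % (virtual, flavor_root_gb))
    return virtual


def make_header(virtual_size, version=2):
    """Constructed sample: a bare header, not a complete qcow2 image."""
    return HEADER.pack(QCOW2_MAGIC, version, 0, 0, 16, virtual_size)


if __name__ == "__main__":
    ok = make_header(10 * GIB)
    sparse = make_header(1024 * GIB)  # small on disk, 1 TiB declared
    print("accepted:", check_root_disk(ok, 20))
    try:
        check_root_disk(sparse, 20)
    except ImageTooLarge as exc:
        print("rejected:", exc)
```

The on-disk file size of the image is deliberately not consulted: the case in the advisory is an image with little data and a large declared virtual size, so only the header value reflects how far the disk can grow.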