CVE-2013-7130

Publication date 6 February 2014

Last updated 24 July 2024


Ubuntu priority

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

Read the notes from the security team

Status

Package Ubuntu Release Status
nova 14.04 LTS trusty Not in release
13.10 saucy
Fixed 1:2013.2.3-0ubuntu1.2
13.04 raring Ignored end of life
12.10 quantal Ignored end of life, was pending
12.04 LTS precise
Fixed 2012.1.3+stable-20130423-e52e6912-0ubuntu1.4
10.04 LTS lucid Not in release

Notes


mdeslaur

OSSA 2014-003


jdstrand

saucy needs no change rebuild for saucy-security Folsom and Essex are affected, but need further backporting

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
nova

References

Related Ubuntu Security Notices (USN)

    • USN-2247-1
    • OpenStack Nova vulnerabilities
    • 17 June 2014

Other references