Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-Cc: n...@packages.debian.org
Hi, this proposed update for nova fixes CVE-2013-2096. AFAIK this is just a DoS, so probably not worth a DSA. The fix for sid is pending NEW processing, AIUI. diff -Nru nova-2012.1.1/debian/changelog nova-2012.1.1/debian/changelog --- nova-2012.1.1/debian/changelog 2013-04-10 13:14:21.000000000 +0200 +++ nova-2012.1.1/debian/changelog 2013-07-10 12:10:00.000000000 +0200 @@ -1,3 +1,10 @@ +nova (2012.1.1-18+deb7u1) UNRELEASED; urgency=low + + * CVE-2013-2096: Check QCOW2 image size during root disk creation + (closes: #710157). Apply patch from Jamie Strandboge. + + -- Julien Cristau <julien.cris...@logilab.fr> Fri, 14 Jun 2013 14:02:42 +0200 + nova (2012.1.1-18) unstable; urgency=low * nova-common isn't anymore using /usr/share/doc to store configuration files diff -Nru nova-2012.1.1/debian/patches/CVE-2013-2096_essex.patch nova-2012.1.1/debian/patches/CVE-2013-2096_essex.patch --- nova-2012.1.1/debian/patches/CVE-2013-2096_essex.patch 1970-01-01 01:00:00.000000000 +0100 +++ nova-2012.1.1/debian/patches/CVE-2013-2096_essex.patch 2013-07-10 12:10:00.000000000 +0200 @@ -0,0 +1,31 @@ +Author: Jamie Strandboge <ja...@canonical.com> +Description: Check QCOW2 image size during root disk creation + glance can only tell us the size of the file, not the virtual + size of the QCOW2. As such we need to check the virtual size of + the image once its cached and ensure it's <= to the flavor's + root disk size. Based on I833467284126557eb598b8350a84e10c06292fa9 +Bug: https://launchpad.net/bugs/1177830 + +Index: nova/nova/virt/libvirt/connection.py +=================================================================== +--- nova.orig/nova/virt/libvirt/connection.py ++++ nova/nova/virt/libvirt/connection.py +@@ -1125,6 +1125,18 @@ class LibvirtConnection(driver.ComputeDr + if cow: + cow_base = base + if size: ++ # NOTE(cfb): Having a flavor that sets the root size to ++ # 0 and having nova effectively ignore that ++ # size and use the size of the image is ++ # considered a feature at this time, not a ++ # bug. ++ if os.path.exists(cow_base) and \ ++ size < disk.get_image_virtual_size(cow_base): ++ LOG.error(_("%(base)s virtual size larger than " ++ "flavor root disk size %(size)s" % ++ {'base': cow_base, 'size': size})) ++ raise exception.ImageTooLarge() ++ + size_gb = size / (1024 * 1024 * 1024) + cow_base += "_%d" % size_gb + if not os.path.exists(cow_base): diff -Nru nova-2012.1.1/debian/patches/series nova-2012.1.1/debian/patches/series --- nova-2012.1.1/debian/patches/series 2013-04-10 13:14:21.000000000 +0200 +++ nova-2012.1.1/debian/patches/series 2013-07-10 12:10:00.000000000 +0200 @@ -12,3 +12,4 @@ CVE-2013-0335_VNC-unit-tests-fixes.patch CVE-2013-1838-Nova_DoS_by_allocating_all_Fixed_IPs_essex.patch Fixed_broken_vncproxy_flush_tokens.patch +CVE-2013-2096_essex.patch Cheers, Julien -- Julien Cristau <julien.cris...@logilab.fr> Logilab http://www.logilab.fr/ Informatique scientifique & gestion de connaissances -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
