ALT Linux Team

Package openstack-nova update in sisyphus on 2016-03-28

ALT-PU-2016-3275-1

Package openstack-nova updated to version 12.0.2-alt1 for branch sisyphus in task 162066.

Closed vulnerabilities

Published: 2016-01-12
Modified: 2025-04-12

CVE-2015-7548

OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.

Severity: LOW (2.1)Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N
Severity: LOW (3.5)Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
References:
Published: 2016-01-15
Modified: 2025-04-12

CVE-2015-8749

The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Severity: MEDIUM (5.9)Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2022-05-14
Modified: 2024-05-15

GHSA-c36r-g737-9qp8

OpenStack Nova Potential Xen connection password leak via StorageError

Severity: MEDIUM (5.9)Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top