Launchpad CVE tracker

CVE 2013-2096

OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.

Related bugs and status

CVE-2013-2096 (Candidate) is related to these bugs:

Bug #1177830: [OSSA 2013-012] Unchecked qcow2 root disk sizes

		In	Importance	Status
1177830	[OSSA 2013-012] Unchecked qcow2 root disk sizes	OpenStack Compute (nova)	Critical	Fix Released
1177830	[OSSA 2013-012] Unchecked qcow2 root disk sizes	OpenStack Compute (nova) grizzly	Critical	Fix Released
1177830	[OSSA 2013-012] Unchecked qcow2 root disk sizes	OpenStack Security Advisory	Undecided	Fix Released
1177830	[OSSA 2013-012] Unchecked qcow2 root disk sizes	OpenStack Compute (nova) havana	Critical	Fix Released

Bug #1179626: Meta bug for tracking Openstack 2013.1.1 Stable Update

		In	Importance	Status
1179626	Meta bug for tracking Openstack 2013.1.1 Stable Update	nova (Ubuntu)	Undecided	Invalid
1179626	Meta bug for tracking Openstack 2013.1.1 Stable Update	cinder (Ubuntu)	Undecided	Invalid
1179626	Meta bug for tracking Openstack 2013.1.1 Stable Update	horizon (Ubuntu)	Undecided	Invalid
1179626	Meta bug for tracking Openstack 2013.1.1 Stable Update	quantum (Ubuntu)	Undecided	Invalid
1179626	Meta bug for tracking Openstack 2013.1.1 Stable Update	keystone (Ubuntu)	Undecided	Invalid
1179626	Meta bug for tracking Openstack 2013.1.1 Stable Update	cinder (Ubuntu Raring)	Undecided	Fix Released
1179626	Meta bug for tracking Openstack 2013.1.1 Stable Update	horizon (Ubuntu Raring)	Undecided	Fix Released
1179626	Meta bug for tracking Openstack 2013.1.1 Stable Update	keystone (Ubuntu Raring)	Undecided	Fix Released
1179626	Meta bug for tracking Openstack 2013.1.1 Stable Update	nova (Ubuntu Raring)	Undecided	Fix Released
1179626	Meta bug for tracking Openstack 2013.1.1 Stable Update	quantum (Ubuntu Raring)	Undecided	Fix Released
1179626	Meta bug for tracking Openstack 2013.1.1 Stable Update	Ubuntu Cloud Archive	Undecided	Fix Released

Bug #1179707: Meta bug for tracking OpenStack 2012.2.4 Stable Update

		In	Importance	Status
1179707	Meta bug for tracking OpenStack 2012.2.4 Stable Update	nova (Ubuntu)	Undecided	Invalid
1179707	Meta bug for tracking OpenStack 2012.2.4 Stable Update	cinder (Ubuntu)	Undecided	Invalid
1179707	Meta bug for tracking OpenStack 2012.2.4 Stable Update	glance (Ubuntu)	Undecided	Invalid
1179707	Meta bug for tracking OpenStack 2012.2.4 Stable Update	keystone (Ubuntu)	Undecided	Invalid
1179707	Meta bug for tracking OpenStack 2012.2.4 Stable Update	horizon (Ubuntu)	Undecided	Invalid
1179707	Meta bug for tracking OpenStack 2012.2.4 Stable Update	quantum (Ubuntu)	Undecided	Invalid
1179707	Meta bug for tracking OpenStack 2012.2.4 Stable Update	cinder (Ubuntu Quantal)	Undecided	Fix Released
1179707	Meta bug for tracking OpenStack 2012.2.4 Stable Update	glance (Ubuntu Quantal)	Undecided	Fix Released
1179707	Meta bug for tracking OpenStack 2012.2.4 Stable Update	horizon (Ubuntu Quantal)	Undecided	Fix Released
1179707	Meta bug for tracking OpenStack 2012.2.4 Stable Update	keystone (Ubuntu Quantal)	Undecided	Fix Released
1179707	Meta bug for tracking OpenStack 2012.2.4 Stable Update	nova (Ubuntu Quantal)	Undecided	Fix Released
1179707	Meta bug for tracking OpenStack 2012.2.4 Stable Update	quantum (Ubuntu Quantal)	Undecided	Fix Released
1179707	Meta bug for tracking OpenStack 2012.2.4 Stable Update	Ubuntu Cloud Archive	Undecided	Fix Released

Bug #1188788: Meta bug for tracking Openstack 2013.1.2 Stable Update

		In	Importance	Status
1188788	Meta bug for tracking Openstack 2013.1.2 Stable Update	nova (Ubuntu)	Undecided	Invalid
1188788	Meta bug for tracking Openstack 2013.1.2 Stable Update	Ubuntu Cloud Archive	Undecided	Fix Released
1188788	Meta bug for tracking Openstack 2013.1.2 Stable Update	cinder (Ubuntu)	Undecided	Invalid
1188788	Meta bug for tracking Openstack 2013.1.2 Stable Update	glance (Ubuntu)	Undecided	Invalid
1188788	Meta bug for tracking Openstack 2013.1.2 Stable Update	keystone (Ubuntu)	Undecided	Invalid
1188788	Meta bug for tracking Openstack 2013.1.2 Stable Update	horizon (Ubuntu)	Undecided	Invalid
1188788	Meta bug for tracking Openstack 2013.1.2 Stable Update	quantum (Ubuntu)	Undecided	Invalid
1188788	Meta bug for tracking Openstack 2013.1.2 Stable Update	cinder (Ubuntu Raring)	Undecided	Fix Released
1188788	Meta bug for tracking Openstack 2013.1.2 Stable Update	glance (Ubuntu Raring)	Undecided	Fix Released
1188788	Meta bug for tracking Openstack 2013.1.2 Stable Update	horizon (Ubuntu Raring)	Undecided	Fix Released
1188788	Meta bug for tracking Openstack 2013.1.2 Stable Update	keystone (Ubuntu Raring)	Undecided	Fix Released
1188788	Meta bug for tracking Openstack 2013.1.2 Stable Update	nova (Ubuntu Raring)	Undecided	Fix Released
1188788	Meta bug for tracking Openstack 2013.1.2 Stable Update	quantum (Ubuntu Raring)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-2096

References