Launchpad.net

CVE 2015-1850

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an exploitable issue. Notes: none.

Related bugs and status

CVE-2015-1850 (Candidate) is related to these bugs:

Bug #1415087: [OSSA 2015-011] Format-guessing and file disclosure in image convert (CVE-2015-1850, CVE-2015-1851)

		In	Importance	Status
1415087	[OSSA 2015-011] Format-guessing and file disclosure in image convert (CVE-2015-1850, CVE-2015-1851)	Cinder	High	Fix Released
1415087	[OSSA 2015-011] Format-guessing and file disclosure in image convert (CVE-2015-1850, CVE-2015-1851)	OpenStack Security Advisory	High	Fix Released
1415087	[OSSA 2015-011] Format-guessing and file disclosure in image convert (CVE-2015-1850, CVE-2015-1851)	OpenStack Compute (nova)	High	Invalid
1415087	[OSSA 2015-011] Format-guessing and file disclosure in image convert (CVE-2015-1850, CVE-2015-1851)	Cinder icehouse	High	Fix Released
1415087	[OSSA 2015-011] Format-guessing and file disclosure in image convert (CVE-2015-1850, CVE-2015-1851)	Cinder juno	High	Fix Released
1415087	[OSSA 2015-011] Format-guessing and file disclosure in image convert (CVE-2015-1850, CVE-2015-1851)	Cinder kilo	High	Fix Released

Bug #1449062: [OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)

		In	Importance	Status
1449062	[OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	OpenStack Security Advisory	Medium	Fix Released
1449062	[OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	OpenStack Compute (nova)	Medium	Fix Released
1449062	[OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	python-oslo.concurrency (Ubuntu)	Medium	Fix Released
1449062	[OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	python-oslo.concurrency (Ubuntu Yakkety)	Medium	Fix Released
1449062	[OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	python-oslo.concurrency (Ubuntu Xenial)	Medium	Fix Released
1449062	[OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	python-oslo.concurrency (Ubuntu Wily)	Medium	Fix Committed
1449062	[OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	Ubuntu Cloud Archive	Medium	Fix Released
1449062	[OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	Ubuntu Cloud Archive liberty	Medium	Fix Committed
1449062	[OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	Ubuntu Cloud Archive newton	Medium	Fix Released
1449062	[OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	Ubuntu Cloud Archive mitaka	Medium	Fix Committed
1449062	[OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	Cinder	Medium	Fix Released
1449062	[OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	Cinder mitaka	Undecided	Fix Released
1449062	[OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	Cinder newton	Medium	Fix Released
1449062	[OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	Glance	High	Fix Released
1449062	[OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	Glance mitaka	High	Fix Released
1449062	[OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	Glance liberty	Undecided	Fix Released
1449062	[OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	Glance newton	Critical	Fix Released

Bug #1465333: Format-guessing and file disclosure in image convert (CVE-2015-1850)

		In	Importance	Status
1465333	Format-guessing and file disclosure in image convert (CVE-2015-1850)	Mirantis OpenStack	Critical	Fix Released
1465333	Format-guessing and file disclosure in image convert (CVE-2015-1850)	Mirantis OpenStack 6.0.x	Critical	Fix Released
1465333	Format-guessing and file disclosure in image convert (CVE-2015-1850)	Mirantis OpenStack 5.1.x	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://access.redhat....
MLIST: https://bugzilla.redha...