CVE-2013-2096

Publication date 16 May 2013

Last updated 24 July 2024


Ubuntu priority

OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.

Read the notes from the security team

Status

Package Ubuntu Release Status
nova 13.04 raring
Fixed 1:2013.1-0ubuntu2.1
12.10 quantal
Fixed 2012.2.3-0ubuntu2.1
12.04 LTS precise
Fixed 2012.1.3+stable-20130423-e52e6912-0ubuntu1.1
10.04 LTS lucid Not in release

Notes


jdstrand

the patch for this introduced a regression on Folsom. This was not introduced in the 12.04 LTS backport and was fixed in 2012.2.3-0ubuntu2.2 on Ubuntu 12.10

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
nova

References

Related Ubuntu Security Notices (USN)

    • USN-1831-1
    • OpenStack Nova vulnerability
    • 16 May 2013

Other references