Bug#715552: marked as done (pu: package nova/2012.1.1-18+deb7u1)

[Debian Bug Tracking System]

Your message dated Mon, 30 Sep 2013 01:41:20 +0200
with message-id <20130929234120.gi3...@mraw.org>
and subject line Re: Bug#715552: pu: package nova/2012.1.1-18+deb7u1
has caused the Debian Bug report #715552,
regarding pu: package nova/2012.1.1-18+deb7u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
715552: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715552
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: n...@packages.debian.org

Hi,

this proposed update for nova fixes CVE-2013-2096.  AFAIK this is just a
DoS, so probably not worth a DSA.
The fix for sid is pending NEW processing, AIUI.

diff -Nru nova-2012.1.1/debian/changelog nova-2012.1.1/debian/changelog
--- nova-2012.1.1/debian/changelog      2013-04-10 13:14:21.000000000 +0200
+++ nova-2012.1.1/debian/changelog      2013-07-10 12:10:00.000000000 +0200
@@ -1,3 +1,10 @@
+nova (2012.1.1-18+deb7u1) UNRELEASED; urgency=low
+
+  * CVE-2013-2096: Check QCOW2 image size during root disk creation
+    (closes: #710157).  Apply patch from Jamie Strandboge.
+
+ -- Julien Cristau <julien.cris...@logilab.fr>  Fri, 14 Jun 2013 14:02:42 +0200
+
 nova (2012.1.1-18) unstable; urgency=low
 
   * nova-common isn't anymore using /usr/share/doc to store configuration files
diff -Nru nova-2012.1.1/debian/patches/CVE-2013-2096_essex.patch 
nova-2012.1.1/debian/patches/CVE-2013-2096_essex.patch
--- nova-2012.1.1/debian/patches/CVE-2013-2096_essex.patch      1970-01-01 
01:00:00.000000000 +0100
+++ nova-2012.1.1/debian/patches/CVE-2013-2096_essex.patch      2013-07-10 
12:10:00.000000000 +0200
@@ -0,0 +1,31 @@
+Author: Jamie Strandboge <ja...@canonical.com>
+Description: Check QCOW2 image size during root disk creation
+ glance can only tell us the size of the file, not the virtual
+ size of the QCOW2. As such we need to check the virtual size of
+ the image once its cached and ensure it's <= to the flavor's
+ root disk size. Based on I833467284126557eb598b8350a84e10c06292fa9
+Bug: https://launchpad.net/bugs/1177830
+
+Index: nova/nova/virt/libvirt/connection.py
+===================================================================
+--- nova.orig/nova/virt/libvirt/connection.py
++++ nova/nova/virt/libvirt/connection.py
+@@ -1125,6 +1125,18 @@ class LibvirtConnection(driver.ComputeDr
+                 if cow:
+                     cow_base = base
+                     if size:
++                        # NOTE(cfb): Having a flavor that sets the root size 
to
++                        #            0 and having nova effectively ignore that
++                        #            size and use the size of the image is
++                        #            considered a feature at this time, not a
++                        #            bug.
++                        if os.path.exists(cow_base) and \
++                                size < disk.get_image_virtual_size(cow_base):
++                            LOG.error(_("%(base)s virtual size larger than "
++                                        "flavor root disk size %(size)s" %
++                                        {'base': cow_base, 'size': size}))
++                            raise exception.ImageTooLarge()
++
+                         size_gb = size / (1024 * 1024 * 1024)
+                         cow_base += "_%d" % size_gb
+                         if not os.path.exists(cow_base):
diff -Nru nova-2012.1.1/debian/patches/series 
nova-2012.1.1/debian/patches/series
--- nova-2012.1.1/debian/patches/series 2013-04-10 13:14:21.000000000 +0200
+++ nova-2012.1.1/debian/patches/series 2013-07-10 12:10:00.000000000 +0200
@@ -12,3 +12,4 @@
 CVE-2013-0335_VNC-unit-tests-fixes.patch
 CVE-2013-1838-Nova_DoS_by_allocating_all_Fixed_IPs_essex.patch
 Fixed_broken_vncproxy_flush_tokens.patch
+CVE-2013-2096_essex.patch

Cheers,
Julien
-- 
Julien Cristau          <julien.cris...@logilab.fr>
Logilab                 http://www.logilab.fr/
Informatique scientifique & gestion de connaissances

--- End Message ---

--- Begin Message ---

Cyril Brulebois <k...@debian.org> (2013-09-30):
> Adam D. Barratt <a...@adam-barratt.org.uk> (2013-08-10):
> > Control: tags -1 + confirmed
> > 
> > On Wed, 2013-07-10 at 14:09 +0200, Julien Cristau wrote:
> > > this proposed update for nova fixes CVE-2013-2096.  AFAIK this is just a
> > > DoS, so probably not worth a DSA.
> > > The fix for sid is pending NEW processing, AIUI.
> 
> The fix is now in, apparently; also, it looks like the BTS wants to be told
> wheezy is affected as well.
> 
> > Please go ahead; sorry for the delay.
> 
> Ping? :)

Bah, forgot about #719632, let's keep track of nova there; closing this
pu request accordingly.

Mraw,
KiBi.

signature.asc
Description: Digital signature

--- End Message ---