Reviewed:  https://review.openstack.org/375102
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=8547444775e406a50d9d26a0003e9ba6554b0d70
Submitter: Jenkins
Branch:    stable/newton

commit 8547444775e406a50d9d26a0003e9ba6554b0d70
Author: Sean McGinnis <sean_mcgin...@dell.com>
Date:   Thu Sep 22 15:31:37 2016 -0500

    Limit memory & CPU when running qemu-img info

    It was found that a modified or corrupted image file can cause a DoS
    on the host when getting image info with qemu-img.

    This uses the newer 'prlimit' parameter for oslo.concurrency execute
    to set an address space limit of 1GB and CPU time limit of 2 seconds
    when running the qemu-img info command.

    Change-Id: If5b7129b266ef065642bc7898ce9dcf93722a053
    Closes-bug: #1449062
    (cherry picked from commit 78f17f0ad79380ee3d9c50f2670252bcc559b62b)

** Changed in: glance/newton
       Status: New => Fix Committed

https://bugs.launchpad.net/bugs/1449062

Title:
  qemu-img calls need to be restricted by ulimit (CVE-2015-5162)
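
The limits named in the commit message above, reproduced with Python's standard library instead of oslo.concurrency's prlimit. This is an added example, not the cinder change itself; the three child commands are constructed stand-ins for a qemu-img info run, and the function and constant names are hypothetical.

```python
import resource
import signal
import subprocess
import sys

# Limits from the commit message: 1 GB of address space, 2 seconds of CPU time.
ADDRESS_SPACE_LIMIT = 1024 ** 3
CPU_TIME_LIMIT = 2


def _apply_limits():
    # Runs in the child after fork() and before exec(), so only the child
    # is constrained. Soft and hard limits are set to the same value.
    resource.setrlimit(resource.RLIMIT_AS, (ADDRESS_SPACE_LIMIT,) * 2)
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_TIME_LIMIT,) * 2)


def run_limited(argv, wall_timeout=30):
    """Run argv under the limits; return (verdict, returncode, stderr)."""
    proc = subprocess.run(argv, preexec_fn=_apply_limits,
                          capture_output=True, text=True, timeout=wall_timeout)
    if proc.returncode == 0:
        verdict = "ok"
    elif -proc.returncode in (signal.SIGXCPU, signal.SIGKILL):
        # The kernel ends a process that exceeds RLIMIT_CPU with one of these.
        verdict = "cpu-limit"
    else:
        # Includes allocations refused because of RLIMIT_AS.
        verdict = "failed"
    return verdict, proc.returncode, proc.stderr


# Constructed stand-ins for a parser fed a hostile image: one child spins
# forever, one tries to allocate 2 GB, one behaves.
SPIN = [sys.executable, "-c", "while True: pass"]
HOG = [sys.executable, "-c", "b = bytearray(2 * 1024 ** 3)"]
FINE = [sys.executable, "-c", "print('ok')"]

if __name__ == "__main__":
    for name, argv in (("spin", SPIN), ("hog", HOG), ("fine", FINE)):
        verdict, code, err = run_limited(argv)
        last = err.strip().splitlines()[-1:] or [""]
        print(f"{name}: {verdict} (returncode {code}) {last[0]}")
```

A caller should treat any verdict other than "ok" as a reason to reject the image rather than retry it.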