Reviewed:  https://review.openstack.org/377736
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=c90830d71969f68768d898c1c178489f602214e2
Submitter: Jenkins
Branch:    stable/mitaka

commit c90830d71969f68768d898c1c178489f602214e2
Author: Hemanth Makkapati <hemanth.makkap...@rackspace.com>
Date:   Fri Sep 23 09:29:12 2016 -0500

    Adding constraints around qemu-img calls

    * All "qemu-img info" calls are now run under resource limitations
      that limit CPU time to 2 seconds and address space usage to 1 GB.
      This helps avoid any DoS attacks via malicious images.

    * All "qemu-img convert" calls now specify the import format so that
      it does not have to be inferred by qemu-img.

    SecurityImpact

    Change-Id: Ib900bbc05cb9ccd90c6f56ccb4bf2006e30cdc80
    Closes-Bug: #1449062
    (cherry picked from commit 69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f)

** Changed in: cinder/mitaka
       Status: In Progress => Fix Committed

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1449062

Title:
  qemu-img calls need to be restricted by ulimit (CVE-2015-5162)
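
The two constraints named in the commit message, shown as an added example that uses only the Python standard library on Linux; it is not the Glance or Cinder patch. The helper names, the format allowlist and the stand-in child commands are assumptions made for the illustration, and the stand-ins replace qemu-img so the limits can be observed offline.

```python
import resource
import subprocess
import sys

CPU_SECONDS = 2            # CPU-time cap from the commit message
ADDRESS_SPACE = 1024 ** 3  # 1 GB address-space cap from the commit message
# Assumption: the formats this deployment accepts (qemu-img format names).
KNOWN_FORMATS = {"raw", "qcow2", "vmdk", "vdi", "vpc"}


def _apply_limits():
    """Runs in the child after fork and before exec."""
    for res, want in ((resource.RLIMIT_CPU, CPU_SECONDS),
                      (resource.RLIMIT_AS, ADDRESS_SPACE)):
        hard = resource.getrlimit(res)[1]
        if hard != resource.RLIM_INFINITY:
            want = min(want, hard)  # an unprivileged process cannot raise it
        resource.setrlimit(res, (want, want))


def run_limited(argv, wall_timeout=30):
    """Run argv under both caps; the wall-clock timeout is a backstop."""
    return subprocess.run(argv, preexec_fn=_apply_limits,
                          capture_output=True, text=True, timeout=wall_timeout)


def convert_cmd(src, dst, src_format, dst_format="raw"):
    """Build a convert call that names the input format explicitly (-f)."""
    if src_format not in KNOWN_FORMATS or dst_format not in KNOWN_FORMATS:
        raise ValueError("unsupported image format")
    return ["qemu-img", "convert", "-f", src_format, "-O", dst_format, src, dst]


# Constructed stand-ins for a parser driven into a loop or a huge allocation,
# so the limits can be observed without qemu-img or a crafted image.
SPIN = [sys.executable, "-c", "while True: pass"]
HOG = [sys.executable, "-c", "bytearray(2 * 1024 ** 3)"]

if __name__ == "__main__":
    print("spin exit:", run_limited(SPIN).returncode)  # negative: killed by signal
    print("hog exit:", run_limited(HOG).returncode)    # non-zero: MemoryError
    print(convert_cmd("in.img", "out.raw", "qcow2"))
```

With the soft and hard CPU limits set to the same value, the kernel may deliver either SIGXCPU or SIGKILL, so a caller should treat both as "limit exceeded".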