yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #28177
[Bug 1398830] Re: [OSSA 2015-003] Glance image leak when in saving state (CVE-2014-9623)
** Changed in: glance
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1398830
Title:
[OSSA 2015-003] Glance image leak when in saving state (CVE-2014-9623)
Status in OpenStack Image Registry and Delivery Service (Glance):
Fix Released
Status in Glance icehouse series:
Fix Committed
Status in Glance juno series:
Fix Committed
Status in OpenStack Security Advisories:
Fix Released
Bug description:
Tushar Patil reported that
https://bugs.launchpad.net/glance/+bug/1383973 can be leverage to
conduct a denial of service attack on Glance backend store.
The image in saving state is not taken into account by global quota
enforcement.
Attached is a script to reproduce the behavior:
Steps to reproduce (tested on file backend store)
1. Check how many images are present in the directory that the Filesystem backend store write the image data to (filesystem_store_datadir parameter).
2. Run the program for 1 hour
3. Again count images (step 1), it should be the same as recorded in Step 1.
We ran this program for 1 hour in our environment.
Before running the program, count of images in the file store (/opt/stack/data/glance/images) was 6.
After running the program for 1 hr,
* Total count of images in the folder /opt/stack/data/glance/images = 806 (it should have been 6)
* Total count of images created = 1014
* Total count of images deleted in saving state = 800
* Total count of images deleted = 1014
Considering the bug is already public, fix should be proposed directly
on gerrit, this new report will let us work on the impact statement
and coordinate the security work in parallel to the public fix being
merged.
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1398830/+subscriptions