Matthew Booth

**Name of the Vulnerable Software and Affected Versions** instack-undercloud versions 5.3.0 through 7.2.0 **Description** A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. This could allow a local user to conduct a symbolic-link attack, enabling them to overwrite the contents of arbitrary files. **Recommendations** For instack-undercloud version 5.3.0, consider restricting access to temporary files used by pre-install and security policy scripts until a patch is available. For instack-undercloud version 6.1.0, restrict access to temporary files used by pre-install and security policy scripts until a patch is available. For instack-undercloud version 7.2.0, restrict access to temporary files used by pre-install and security policy scripts until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenStack Compute (Nova) versions prior to 2015.1.4 (kilo) OpenStack Compute (Nova) versions 12.0.x prior to 12.0.3 (liberty) **Description** The issue allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk when using raw storage and the use cow images option is set to false. **Recommendations** For OpenStack Compute (Nova) versions prior to 2015.1.4 (kilo), update to version 2015.1.4 or later. For OpenStack Compute (Nova) versions 12.0.x prior to 12.0.3 (liberty), update to version 12.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** OpenStack Compute (Nova) versions prior to 2015.1.3 (kilo) OpenStack Compute (Nova) versions 12.0.x prior to 12.0.1 (liberty) **Description** The issue allows remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot, when using libvirt to spawn instances and `use cow images` is set to `false`. **Recommendations** For OpenStack Compute (Nova) versions prior to 2015.1.3 (kilo), update to version 2015.1.3 or later. For OpenStack Compute (Nova) versions 12.0.x prior to 12.0.1 (liberty), update to version 12.0.1 or later. As a temporary workaround, consider setting `use cow images` to `true` to minimize the risk of exploitation.