PT-2016-3669 · Openstack+2 · Openstack Nova+4

Richard W.M. Jones · Published 2016-10-07 · Updated 2023-02-13 · CVE-2015-5162

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions
OpenStack Cinder versions 7.0.0 through 7.0.1 and 8.0.0 through 8.1.1 and prior to 9.0.0
OpenStack Glance versions prior to 11.0.1 and 12.0.0 and prior to 14.0.0
OpenStack Nova versions prior to 12.0.4 and 13.0.0

Description
The image parser in OpenStack does not properly limit qemu-img calls, which might allow attackers to cause a denial of service via a crafted disk image, leading to memory and disk consumption.

Recommendations
For OpenStack Cinder versions 7.0.0 through 7.0.1, update to version 7.0.2 or 9.0.0.
For OpenStack Cinder versions 8.0.0 through 8.1.1, update to version 9.0.0.
For OpenStack Glance versions prior to 11.0.1, update to version 11.0.1 or 14.0.0.
For OpenStack Glance versions 12.0.0 but prior to 14.0.0, update to version 14.0.0.
For OpenStack Nova versions prior to 12.0.4, update to version 12.0.4.
For OpenStack Nova version 13.0.0, no specific fix is mentioned; consider updating to a newer version if available.

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2015-5162
GHSA-G2J5-7VGX-6XRX
RHSA-2016:2923
RHSA-2016:2991
RHSA-2017:0153
RHSA-2017:0156
RHSA-2017:0165
RHSA-2017:0282
USN-3449-1

Affected Products

Openstack Cinder
Openstack Glance
Openstack Nova
Ubuntu
Qemu-Img