Glance

Bug #1449062
Comment #86

Comment 86 for bug 1449062

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-09-28: Fix merged to glance (stable/mitaka)

#86

Reviewed: https://review.openstack.org/377736
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=c90830d71969f68768d898c1c178489f602214e2
Submitter: Jenkins
Branch: stable/mitaka

commit c90830d71969f68768d898c1c178489f602214e2
Author: Hemanth Makkapati <email address hidden>
Date: Fri Sep 23 09:29:12 2016 -0500

Adding constraints around qemu-img calls

    * All "qemu-img info" calls are now run under resource limitations
      that limit CPU time to 2 seconds and address space usage to 1 GB.
      This helps avoid any DoS attacks via malicious images.
    * All "qemu-img convert" calls now specify the import format so that
      it does not have to be inferred by qemu-img.

SecurityImpact

    Change-Id: Ib900bbc05cb9ccd90c6f56ccb4bf2006e30cdc80
    Closes-Bug: #1449062
    (cherry picked from commit 69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f)