USN-1413-1: Nova vulnerability

29 March 2012

Nova log files could be made to exhaust storage resources.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • nova - OpenStack Compute cloud infrastructure

Details

Dan Prince discovered that Nova did not properly perform input validation on
the length of server names. An authenticated attacker could issue requests
using long server names to exhaust the storage resources containing the Nova
API log file.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10

In general, a standard system update will make all the necessary changes.

References