USN-1545-1: Nova vulnerability
22 August 2012
Nova could be made to overwrite or corrupt arbitrary files in the compute host file system.
Releases
Packages
- nova - OpenStack Compute cloud infrastructure
Details
Padraig Brady discovered that the fix for CVE-2012-3361 was incomplete and
an authenticated user could still corrupt arbitrary files on the host
running Nova. A remote attacker could use this to cause a denial of service
or possibly gain privileges.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04
Ubuntu 11.10
In general, a standard system update will make all the necessary changes.