Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2013-4179

Published: 8 August 2013

The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.

Notes

Author	Note
jdstrand	Ubuntu 12.04 LTS and 12.10 not affected per upstream Ubuntu 13.04 has fix in raring-updates

Priority

Status

Package	Release	Status
nova Launchpad, Ubuntu, Debian	upstream	Released (1:2013.2)
	lucid	Does not exist
	precise	Not vulnerable
	quantal	Not vulnerable
	raring	Released (1:2013.1.3-0ubuntu1.1)
	saucy	Not vulnerable (1:2013.2~rc2-0ubuntu1)
	Patches: other: https://bugs.launchpad.net/ossa/+bug/1190229

References

Bugs

http://launchpad.net/bugs/1190229

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading