Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2013-4261

Published: 22 August 2013

OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.

Notes

AuthorNote
jdstrand 
Ubuntu 13.04 has fix in raring-updates
backward-compatibility breaking change deemed too intrusive for
stable release update

Priority

Low

Status

Package Release Status
nova
Launchpad, Ubuntu, Debian 		upstream
Released (1:2013.2~rc2)
lucid Does not exist

precise Ignored

quantal Ignored

raring
Released (1:2013.1.3-0ubuntu1.1)
saucy Not vulnerable
(1:2013.2~rc2-0ubuntu1)

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading