CVE-2013-6491

Published: 01 February 2014

The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.

Priority

Medium

Status

Package Release Status
cinder
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
keystone
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
neutron
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
nova
Launchpad, Ubuntu, Debian
Upstream
Released (2013.2.b3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [1:2014.1~b3-0ubuntu2])
Patches:
Upstream: https://github.com/openstack/oslo-incubator/commit/ad04e5787a4a651e59636ae7bb28dd9a0b2ee63f (grizzly)
quantum
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist