CVE-2013-6491

Publication date 1 February 2014

Last updated 24 July 2024


Ubuntu priority

The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.

Status

Package Ubuntu Release Status
cinder 14.04 LTS trusty Not in release
13.10 saucy
Not affected
12.10 quantal
Fixed 2012.2.4-0ubuntu1.1
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
keystone 14.04 LTS trusty Not in release
13.10 saucy
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Not affected
10.04 LTS lucid Not in release
neutron 14.04 LTS trusty Not in release
13.10 saucy
Not affected
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
nova 14.04 LTS trusty Not in release
13.10 saucy
Not affected
12.10 quantal Ignored end of life, was pending
12.04 LTS precise
Fixed 2012.1.3+stable-20130423-e52e6912-0ubuntu1.4
10.04 LTS lucid Not in release
quantum 14.04 LTS trusty Not in release
13.10 saucy Not in release
12.10 quantal
Fixed 2012.2.4-0ubuntu1.1
12.04 LTS precise
Not affected
10.04 LTS lucid Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
nova

References

Related Ubuntu Security Notices (USN)

    • USN-2247-1
    • OpenStack Nova vulnerabilities
    • 17 June 2014
    • USN-2208-1
    • OpenStack Cinder vulnerability
    • 6 May 2014
    • USN-2208-2
    • OpenStack Quantum vulnerability
    • 6 May 2014

Other references