USN-1438-1: Nova vulnerability

03 May 2012

Nova could be made to crash the system under certain conditions.

Releases

Packages

  • nova - OpenStack Compute cloud infrastructure

Details

Dan Prince discovered that Nova did not enforce quotas for security groups
and rules added to security groups. An authenticated user could exploit
this to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04
Ubuntu 11.10

In general, a standard system update will make all the necessary changes.

References