USN-1497-1: Nova vulnerabilities

3 July 2012

Nova could be made to overwrite or corrupt arbitrary files in the compute host file system.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • nova - OpenStack Compute cloud infrastructure

Details

Matthias Weckbecker discovered that, when using the OpenStack API to
setup libvirt-based hypervisors, an authenticated user could inject
files in arbitrary locations on the file system of the host running
Nova. A remote attacker could use this to gain root privileges. This
issue only affects Ubuntu 12.04 LTS. (CVE-2012-3360)

Pádraig Brady discovered that an authenticated user could corrupt
arbitrary files of the host running Nova. A remote attacker could
use this to cause a denial of service or possibly gain privileges.
(CVE-2012-3361)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04
Ubuntu 11.10

In general, a standard system update will make all the necessary changes.