CVE-2013-4185
Published: 7 August 2013
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.
Notes
Author | Note |
---|---|
jdstrand | Ubuntu 13.04 has fix in raring-updates |
Priority
Status
Package | Release | Status |
---|---|---|
nova Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Released
(2012.1.3+stable-20130423-e52e6912-0ubuntu1.2)
|
|
quantal |
Released
(2012.2.4-0ubuntu3.1)
|
|
raring |
Released
(1:2013.1.3-0ubuntu1.1)
|
|
saucy |
Not vulnerable
(1:2013.2~rc2-0ubuntu1)
|
|
upstream |
Released
(1:2013.2~rc2)
|
|
Patches: upstream: https://review.openstack.org/39541 upstream: https://review.openstack.org/39543 upstream: https://review.openstack.org/39544 |