| Field | Value |
|---|---|
| Summary: | <sys-cluster/nova-{2012.2.4-r8,2013.1.3-r5}: console-log DoS (CVE-2013-4261) |
| Product: | Gentoo Security |
| Component: | Vulnerabilities |
| Reporter: | Agostino Sarubbo <ago> |
| Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED |
| Severity: | trivial |
| Priority: | Normal |
| Version: | unspecified |
| Hardware: | All |
| OS: | Linux |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=999271 |
| Whiteboard: | ~3 [noglsa] |
| Package list: | |
| Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-08-22 20:26:01 UTC
Proposed patch upstream: https://review.openstack.org/#/c/43303/

oh, fixed in cvs, removing myself from cc

12 Sep 2013; Matthew Thode <prometheanfire@gentoo.org> +files/2012.2.4-CVE-2013-4278.patch, +files/2013.1.3-CVE-2013-4278.patch, +nova-2012.2.4-r8.ebuild, +nova-2013.1.3-r5.ebuild, -nova-2012.2.4-r7.ebuild, -nova-2013.1.3-r4.ebuild: fix for CVE-2013-4278 for bug 482144

Package was never stable, closing as noglsa

CVE-2013-4261 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4261): OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.