From ${URL} : Description Two vulnerabilities have been reported in OpenStack Compute (Nova), which can be exploited by malicious users to bypass certain security restrictions and cause a DoS (Denial of Service). 1) An error when handling access restrictions on private flavors can be exploited by tenants to view and boot any other tenant's private flavors. 2) An error within the handling of network source security group policy updates can be exploited to render the service unusable by performing a large number of server creation operations. The vulnerabilities are reported in versions Grizzly (2013.1.2) and Folsom (2012.2.4). Solution: Fixed in the repository. Provided and/or discovered by: The vendor credits: 1) hzrandd, NetEase 2) Vishvananda Ishaya, Nebula Original Advisory: http://www.openwall.com/lists/oss-security/2013/08/06/3 http://www.openwall.com/lists/oss-security/2013/08/06/4 https://bugs.launchpad.net/nova/+bug/1194093 https://bugs.launchpad.net/nova/+bug/1184041 @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
nova-2012.2.4-r4 has the fix nova-2013.1.3 has the fix badness removed from tree This is valid for the following CVEs CVE-2013-2256 and CVE-2013-4185 I'm removing myself from CC, if you feel I should be re-added just re-add me and let me know why. This bug should be closable
Okay, we're done then. Closing.
CVE-2013-2256 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2256): OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.
CVE-2013-4185 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4185): Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.
