CVE 2012-2101
Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.
Related bugs and status
CVE-2012-2101 (Candidate) is related to these bugs:
Bug #754900: [SRU] Nova-manage network delete does not delete from fixed_ips
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
754900 | [SRU] Nova-manage network delete does not delete from fixed_ips | OpenStack Compute (nova) | Medium | Fix Released | ||
754900 | [SRU] Nova-manage network delete does not delete from fixed_ips | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
754900 | [SRU] Nova-manage network delete does not delete from fixed_ips | nova (Ubuntu) | Undecided | Fix Released | ||
754900 | [SRU] Nova-manage network delete does not delete from fixed_ips | nova (Ubuntu Precise) | Undecided | Fix Released |
Bug #952176: [SRU] Cannot associate a second network/vlan to a tenant with "nova-manage network modify"
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
952176 | [SRU] Cannot associate a second network/vlan to a tenant with "nova-manage network modify" | OpenStack Compute (nova) | Medium | Fix Released | ||
952176 | [SRU] Cannot associate a second network/vlan to a tenant with "nova-manage network modify" | nova (Ubuntu) | Undecided | Fix Released | ||
952176 | [SRU] Cannot associate a second network/vlan to a tenant with "nova-manage network modify" | nova (Ubuntu Precise) | Undecided | Fix Released | ||
952176 | [SRU] Cannot associate a second network/vlan to a tenant with "nova-manage network modify" | OpenStack Compute (nova) essex | Undecided | Fix Released |
Bug #962615: [SRU] Unable to list volumes after building from snapshot
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
962615 | [SRU] Unable to list volumes after building from snapshot | OpenStack Compute (nova) | High | Fix Released | ||
962615 | [SRU] Unable to list volumes after building from snapshot | OpenStack Compute (nova) essex | High | Fix Released | ||
962615 | [SRU] Unable to list volumes after building from snapshot | OpenStack Compute (nova) folsom | High | Fix Released | ||
962615 | [SRU] Unable to list volumes after building from snapshot | nova (Ubuntu) | Undecided | Fix Released | ||
962615 | [SRU] Unable to list volumes after building from snapshot | nova (Ubuntu Precise) | Undecided | Fix Released |
Bug #967931: [SRU] killfilter should handle updated/deleted executables
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
967931 | [SRU] killfilter should handle updated/deleted executables | OpenStack Compute (nova) | Medium | Fix Released | ||
967931 | [SRU] killfilter should handle updated/deleted executables | nova (Ubuntu) | Undecided | Fix Released | ||
967931 | [SRU] killfilter should handle updated/deleted executables | nova (Ubuntu Precise) | Undecided | Fix Released | ||
967931 | [SRU] killfilter should handle updated/deleted executables | OpenStack Compute (nova) essex | Undecided | Fix Released |
Bug #968843: [SRU] connection leak in rpc connection pool
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
968843 | [SRU] connection leak in rpc connection pool | OpenStack Compute (nova) | High | Fix Released | ||
968843 | [SRU] connection leak in rpc connection pool | nova (Ubuntu) | Undecided | Fix Released | ||
968843 | [SRU] connection leak in rpc connection pool | nova (Ubuntu Precise) | Undecided | Fix Released | ||
968843 | [SRU] connection leak in rpc connection pool | OpenStack Compute (nova) essex | Undecided | Fix Released |
Bug #969545: missing quotas on security group rules
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
969545 | missing quotas on security group rules | OpenStack Compute (nova) | High | Fix Released | ||
969545 | missing quotas on security group rules | OpenStack Compute (nova) essex | High | Fix Released | ||
969545 | missing quotas on security group rules | nova (Ubuntu) | Undecided | Fix Released | ||
969545 | missing quotas on security group rules | nova (Ubuntu Precise) | Undecided | Fix Released |
Bug #971640: [SRU] public key injection should be configurable
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
971640 | [SRU] public key injection should be configurable | OpenStack Compute (nova) | Medium | Fix Released | ||
971640 | [SRU] public key injection should be configurable | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
971640 | [SRU] public key injection should be configurable | nova (Ubuntu) | Undecided | Fix Released | ||
971640 | [SRU] public key injection should be configurable | nova (Ubuntu Precise) | Undecided | Fix Released | ||
971640 | [SRU] public key injection should be configurable | nova (Ubuntu Quantal) | Undecided | Fix Released |
Bug #973194: [SRU] Parallel VM creation fails when nova-computes share the disks and each nova-compute node has no cached images.
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
973194 | [SRU] Parallel VM creation fails when nova-computes share the disks and each nova-compute node has no cached images. | OpenStack Compute (nova) | Medium | Fix Released | ||
973194 | [SRU] Parallel VM creation fails when nova-computes share the disks and each nova-compute node has no cached images. | nova (Ubuntu) | Undecided | Fix Released | ||
973194 | [SRU] Parallel VM creation fails when nova-computes share the disks and each nova-compute node has no cached images. | nova (Ubuntu Precise) | Undecided | Fix Released | ||
973194 | [SRU] Parallel VM creation fails when nova-computes share the disks and each nova-compute node has no cached images. | OpenStack Compute (nova) essex | Undecided | Fix Released |
Bug #975043: [SRU] Cloudpipe VPN instance can loose connectivity after starting openvpn
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
975043 | [SRU] Cloudpipe VPN instance can loose connectivity after starting openvpn | OpenStack Compute (nova) | Low | Fix Released | ||
975043 | [SRU] Cloudpipe VPN instance can loose connectivity after starting openvpn | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
975043 | [SRU] Cloudpipe VPN instance can loose connectivity after starting openvpn | nova (Ubuntu) | Undecided | Fix Released | ||
975043 | [SRU] Cloudpipe VPN instance can loose connectivity after starting openvpn | nova (Ubuntu Precise) | Undecided | Fix Released |
Bug #977759: [SRU] With QuantumManager, nova-network does not start dnsmasq during initialization
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
977759 | [SRU] With QuantumManager, nova-network does not start dnsmasq during initialization | OpenStack Compute (nova) | Medium | Fix Released | ||
977759 | [SRU] With QuantumManager, nova-network does not start dnsmasq during initialization | nova (Ubuntu) | Undecided | Fix Released | ||
977759 | [SRU] With QuantumManager, nova-network does not start dnsmasq during initialization | nova (Ubuntu Precise) | Undecided | Fix Released | ||
977759 | [SRU] With QuantumManager, nova-network does not start dnsmasq during initialization | OpenStack Compute (nova) essex | Undecided | Fix Released |
Bug #983206: [SRU] nova errors when keypair starts with 0XG using EC2 API
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
983206 | [SRU] nova errors when keypair starts with 0XG using EC2 API | OpenStack Compute (nova) | Low | Fix Released | ||
983206 | [SRU] nova errors when keypair starts with 0XG using EC2 API | nova (Ubuntu) | Undecided | Fix Released | ||
983206 | [SRU] nova errors when keypair starts with 0XG using EC2 API | nova (Ubuntu Precise) | Undecided | Fix Released | ||
983206 | [SRU] nova errors when keypair starts with 0XG using EC2 API | OpenStack Compute (nova) essex | Undecided | Fix Released |
Bug #987335: [SRU] libvit/connection.py missing console_log variable
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
987335 | [SRU] libvit/connection.py missing console_log variable | OpenStack Compute (nova) | Medium | Fix Released | ||
987335 | [SRU] libvit/connection.py missing console_log variable | nova (Ubuntu) | Undecided | Fix Released | ||
987335 | [SRU] libvit/connection.py missing console_log variable | nova (Ubuntu Precise) | Undecided | Fix Released | ||
987335 | [SRU] libvit/connection.py missing console_log variable | OpenStack Compute (nova) essex | Undecided | Fix Released |
Bug #988615: [SRU] xen: destroy_vdi breaks because session is not passed in
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
988615 | [SRU] xen: destroy_vdi breaks because session is not passed in | OpenStack Compute (nova) | Medium | Fix Released | ||
988615 | [SRU] xen: destroy_vdi breaks because session is not passed in | OpenStack Compute (nova) essex | Medium | Fix Released | ||
988615 | [SRU] xen: destroy_vdi breaks because session is not passed in | nova (Ubuntu) | Undecided | Fix Released | ||
988615 | [SRU] xen: destroy_vdi breaks because session is not passed in | nova (Ubuntu Precise) | Undecided | Fix Released |
Bug #989764: [SRU] timeout on EC2 CreateImage action is 60 hours instead of 1 hour
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
989764 | [SRU] timeout on EC2 CreateImage action is 60 hours instead of 1 hour | OpenStack Compute (nova) | Low | Fix Released | ||
989764 | [SRU] timeout on EC2 CreateImage action is 60 hours instead of 1 hour | nova (Ubuntu) | Undecided | Fix Released | ||
989764 | [SRU] timeout on EC2 CreateImage action is 60 hours instead of 1 hour | nova (Ubuntu Precise) | Undecided | Fix Released | ||
989764 | [SRU] timeout on EC2 CreateImage action is 60 hours instead of 1 hour | OpenStack Compute (nova) essex | Undecided | Fix Released |
Bug #990237: [sru] libvirt get_console_output: 'instance_name' is not defined
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
990237 | [sru] libvirt get_console_output: 'instance_name' is not defined | OpenStack Compute (nova) | Medium | Fix Released | ||
990237 | [sru] libvirt get_console_output: 'instance_name' is not defined | nova (Ubuntu) | Undecided | Fix Released | ||
990237 | [sru] libvirt get_console_output: 'instance_name' is not defined | nova (Ubuntu Precise) | Undecided | Fix Released | ||
990237 | [sru] libvirt get_console_output: 'instance_name' is not defined | OpenStack Compute (nova) essex | Undecided | Fix Released |
Bug #992916: [SRU] nova.tests.test_nova_rootwrap fails on Fedora 17
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
992916 | [SRU] nova.tests.test_nova_rootwrap fails on Fedora 17 | OpenStack Compute (nova) | Medium | Fix Released | ||
992916 | [SRU] nova.tests.test_nova_rootwrap fails on Fedora 17 | nova (Ubuntu) | Undecided | Fix Released | ||
992916 | [SRU] nova.tests.test_nova_rootwrap fails on Fedora 17 | nova (Ubuntu Precise) | Undecided | Fix Released | ||
992916 | [SRU] nova.tests.test_nova_rootwrap fails on Fedora 17 | OpenStack Compute (nova) essex | Undecided | Fix Released |
Bug #993663: [SRU] dns_domains table mysql charset is 'latin1'. Should be 'utf8'
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
993663 | [SRU] dns_domains table mysql charset is 'latin1'. Should be 'utf8' | OpenStack Compute (nova) | Medium | Fix Released | ||
993663 | [SRU] dns_domains table mysql charset is 'latin1'. Should be 'utf8' | nova (Ubuntu) | Undecided | Fix Released | ||
993663 | [SRU] dns_domains table mysql charset is 'latin1'. Should be 'utf8' | nova (Ubuntu Precise) | Undecided | Fix Released | ||
993663 | [SRU] dns_domains table mysql charset is 'latin1'. Should be 'utf8' | OpenStack Compute (nova) essex | Undecided | Fix Released |
Bug #997014: [SRU] Memory is not correctly computed for Xen+libvirt
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
997014 | [SRU] Memory is not correctly computed for Xen+libvirt | OpenStack Compute (nova) | High | Fix Released | ||
997014 | [SRU] Memory is not correctly computed for Xen+libvirt | nova (Ubuntu) | Undecided | Fix Released | ||
997014 | [SRU] Memory is not correctly computed for Xen+libvirt | nova (Ubuntu Precise) | Undecided | Fix Released | ||
997014 | [SRU] Memory is not correctly computed for Xen+libvirt | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
997014 | [SRU] Memory is not correctly computed for Xen+libvirt | nova (CentOS) | Undecided | New |
Bug #1000261: newer `qemu-img info` causes in exception when finding the backing file for qcow2 images
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1000261 | newer `qemu-img info` causes in exception when finding the backing file for qcow2 images | OpenStack Compute (nova) | Medium | Fix Released | ||
1000261 | newer `qemu-img info` causes in exception when finding the backing file for qcow2 images | nova (Ubuntu) | Undecided | Fix Released | ||
1000261 | newer `qemu-img info` causes in exception when finding the backing file for qcow2 images | OpenStack Compute (nova) essex | Undecided | Fix Released |
Bug #1000403: [SRU] multi scheduler does not handle capabilities updates correctly
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1000403 | [SRU] multi scheduler does not handle capabilities updates correctly | OpenStack Compute (nova) | Low | Fix Released | ||
1000403 | [SRU] multi scheduler does not handle capabilities updates correctly | nova (Ubuntu) | Undecided | Fix Released | ||
1000403 | [SRU] multi scheduler does not handle capabilities updates correctly | nova (Ubuntu Precise) | Undecided | Fix Released | ||
1000403 | [SRU] multi scheduler does not handle capabilities updates correctly | OpenStack Compute (nova) essex | Undecided | Fix Released |
Bug #1010473: [SRU] Tracker for 12.04 Openstack Updates
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1010473 | [SRU] Tracker for 12.04 Openstack Updates | nova (Ubuntu) | High | Fix Released | ||
1010473 | [SRU] Tracker for 12.04 Openstack Updates | glance (Ubuntu) | High | Fix Released | ||
1010473 | [SRU] Tracker for 12.04 Openstack Updates | keystone (Ubuntu) | High | Fix Released |
See the
CVE page on Mitre.org
for more details.