[Precise] nova is vulnerable to CVE-2012-1585
Bug #968411 reported by Tyler Hicks
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
nova (Ubuntu) | Fix Released | Medium | Unassigned | |
Bug Description
Nova is vulnerable to storage resource exhaustion via the Nova API log file. Invalid requests can be made, using extremely long server names, which result in the log file growing considerably large.
I've addressed this issue in Oneiric and Natty, but need a sponsor for Precise. Debdiff to soon follow.
Related branches
lp://staging/~openstack-ubuntu-testing/nova/precise-essex-proposed
- Chuck Short: Pending requested
Diff: 56 lines (+14/-4), 3 files modified
debian/changelog (+8/-0)
debian/control (+6/-3)
debian/nova-console.install (+0/-1)
CVE References
Debdiff against 2012.1~rc1-0ubuntu2. Tested using the in-tree test suite. The new tests, added by the patch in the debdiff, successfully pass.