1
PublicDateAtUSN: 2013-08-22
2
Candidate: CVE-2013-4261
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4261
6
https://bugzilla.redhat.com/show_bug.cgi?id=999164
7
https://bugs.launchpad.net/nova/+bug/1215091
8
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4261
9
https://bugs.launchpad.net/nova/+bug/1175808
10
https://usn.ubuntu.com/usn/usn-2000-1
12
OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache
13
Qpid for the RPC backend, does not properly handle errors that occur during
14
messaging, which allows remote attackers to cause a denial of service
15
(connection pool consumption), as demonstrated using multiple requests that
16
send long strings to an instance console and retrieving the console log.
19
jdstrand> Ubuntu 13.04 has fix in raring-updates
20
jdstrand> backward-compatibility breaking change deemed too intrusive for
24
Discovered-by: Jaroslav Henner
28
upstream_nova: released (1:2013.2~rc2)
32
raring_nova: released (1:2013.1.3-0ubuntu1.1)
33
saucy_nova: not-affected (1:2013.2~rc2-0ubuntu1)
34
devel_nova: not-affected (1:2013.2~rc2-0ubuntu1)