Ubuntu Update For Nova USN-1831-2 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

USN-1831-1 fixed a vulnerability in OpenStack Nova. The upstream fix introduced a regression where instances using uncached QCOW2 images would fail to start. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk.

Affected

nova on Ubuntu 12.10

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-May/002126.html

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P

Related Vulnerabilities

Ubuntu Update for cups USN-2172-1
Ubuntu Update for bogofilter vulnerability USN-980-1
Ubuntu Update for boost vulnerabilities USN-570-1
Ubuntu Update for bind9 vulnerabilities USN-1025-1
Ubuntu Update for apr-util vulnerability USN-1022-1

Ubuntu Update for nova USN-1831-2

Take action and discover your vulnerabilities