CVE-2013-4185

Publication date 7 August 2013

Last updated 24 July 2024

Ubuntu priority

Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
nova	13.10 saucy	Not affected
	13.04 raring	Fixed 1:2013.1.3-0ubuntu1.1
	12.10 quantal	Fixed 2012.2.4-0ubuntu3.1
	12.04 LTS precise	Fixed 2012.1.3+stable-20130423-e52e6912-0ubuntu1.2
	10.04 LTS lucid	Not in release

Notes

jdstrand

Ubuntu 13.04 has fix in raring-updates

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
nova	Upstream: https://review.openstack.org/39541 Upstream: https://review.openstack.org/39543 Upstream: https://review.openstack.org/39544

References

Related Ubuntu Security Notices (USN)