Bug 1000086 - (CVE-2013-4278) CVE-2013-4278 OpenStack: Nova private flavors resource limit circumvention incomplete fix for CVE-2013-2256
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,public=20130820,repor...
: Security
Depends On: 993343 993412 994715 994809 994810 1000087 1000088 1000089 1000090 1000091
Blocks: 993341
Reported: 2013-08-22 11:56 EDT by Kurt Seifried
Modified: 2016-04-26 17:00 EDT
Doc Type: Bug Fix
Last Closed: 2013-08-23 16:14:04 EDT
Description Kurt Seifried 2013-08-22 11:56:15 EDT
Vincent Danen (vdanen@redhat.com) reports:

The previous fix was insufficient and did not fully fix the flaw, as noted here:

https://bugs.launchpad.net/ossa/+bug/1212179

The patch to fully correct this flaw is here (I believe it would be in addition to previously-mentioned patches):

https://github.com/openstack/nova/commit/4054cc4a22a1fea997dec76afb5646fd6c6ea6b9
Comment 2 Kurt Seifried 2013-08-22 12:01:06 EDT
Created openstack-nova tracking bugs for this issue:

Affects: fedora-all [bug 1000087]
Affects: epel-6 [bug 1000088]
Comment 3 Vincent Danen 2013-08-23 16:14:04 EDT
Statement:

Not vulnerable.  Red Hat did not release the incomplete fix for CVE-2013-2256 in any products.