Bug 814275 - CVE-2012-2101 openstack-nova: No quota enforced on security group rules [fedora-17]
CVE-2012-2101 openstack-nova: No quota enforced on security group rules [fedo...
Product: Fedora
Classification: Fedora
Component: openstack-nova (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Pádraig Brady
Fedora Extras Quality Assurance
: Security, SecurityTracking
Depends On:
Blocks: CVE-2012-2101
  Show dependency treegraph
Reported: 2012-04-19 10:09 EDT by Pádraig Brady
Modified: 2016-01-04 09:42 EST (History)
13 users (show)

See Also:
Fixed In Version: openstack-nova-2012.1-2.fc17
Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-05-02 00:45:59 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Pádraig Brady 2012-04-19 10:09:41 EDT
please see the bug #813768 for more details on this vulnerability
Comment 1 Jan Lieskovsky 2012-04-19 12:37:33 EDT
Thank you for this bug report, Pádraig. Have opened #813768 for public audience.

From what I can tell from looking at the proposed upstream patch:

this issue would affect the versions of the openstack-nova package, as shipped with Fedora release of 16 and Fedora EPEL 6 (though the proposed patch would need to be backported to apply gracefully against these versions). Are these assumptions correct? Could you confirm that? (so I could create trackers for Fedora-16 and Fedora EPEL-6 openstack-nova package versions too).

Thank you, Jan.
Comment 2 Fedora Update System 2012-04-19 16:01:19 EDT
openstack-nova-2012.1-2.fc17 has been submitted as an update for Fedora 17.
Comment 3 Fedora Update System 2012-04-20 02:03:21 EDT
Package openstack-nova-2012.1-2.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openstack-nova-2012.1-2.fc17'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
Comment 4 Fedora Update System 2012-05-02 00:45:59 EDT
openstack-nova-2012.1-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.