Red Hat Bugzilla – Bug 814275
CVE-2012-2101 openstack-nova: No quota enforced on security group rules [fedora-17]
Last modified: 2016-01-04 09:42:25 EST
please see the bug #813768 for more details on this vulnerability
Thank you for this bug report, Pádraig. Have opened #813768 for public audience.
From what I can tell from looking at the proposed upstream patch:
this issue would affect the versions of the openstack-nova package, as shipped with Fedora release of 16 and Fedora EPEL 6 (though the proposed patch would need to be backported to apply gracefully against these versions). Are these assumptions correct? Could you confirm that? (so I could create trackers for Fedora-16 and Fedora EPEL-6 openstack-nova package versions too).
Thank you, Jan.
openstack-nova-2012.1-2.fc17 has been submitted as an update for Fedora 17.
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openstack-nova-2012.1-2.fc17'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
openstack-nova-2012.1-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.