This just made public upstream: Prevent potential directory traversal with malicious EC2 image tarballs, by making sure the tarfile is safe before unpacking it. Fixes bug 894755 Prevent potential directory traversal with malicious file names in EC2 image manifests. Fixes bug 885167 See also: https://review.openstack.org/#change,2284 https://bugs.launchpad.net/bugs/cve/2011-4596
Created openstack-nova tracking bugs for this issue Affects: fedora-16 [bug 767251]
openstack-nova-2011.3-13.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.