Bug 1000086 (CVE-2013-4278) - CVE-2013-4278 OpenStack: Nova private flavors resource limit circumvention incomplete fix for CVE-2013-2256
Summary: CVE-2013-4278 OpenStack: Nova private flavors resource limit circumvention in...
Alias: CVE-2013-4278
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Whiteboard: impact=moderate,public=20130820,repor...
Keywords: Security
Depends On: 993343 993412 994715 994809 994810 1000087 1000088 1000089 1000090 1000091
Blocks: 993341
Reported: 2013-08-22 15:56 UTC by Kurt Seifried
Modified: 2016-04-26 21:00 UTC

Clone Of:
Last Closed: 2013-08-23 20:14:04 UTC

Description Kurt Seifried 2013-08-22 15:56:15 UTC
Vincent Danen (vdanen@redhat.com) reports:

The previous fix was insufficient and did not fully fix the flaw, as noted here:


The patch to fully correct this flaw is here (I believe it would be in addition to previously-mentioned patches):


Comment 2 Kurt Seifried 2013-08-22 16:01:06 UTC
Created openstack-nova tracking bugs for this issue:

Affects: fedora-all [bug 1000087]
Affects: epel-6 [bug 1000088]

Comment 3 Vincent Danen 2013-08-23 20:14:04 UTC

Not vulnerable.  Red Hat did not release the incomplete fix for CVE-2013-2256 in any products.
