Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Ubuntu 11.10 Critical: USN-1305-1 Nova File Overwrite Issue

Calendar Dec 13, 2011 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical file overwrite input validation ubuntu cloud infrastructure nova
Nova could be made to overwrite files. 
=========================================================================Ubuntu Security Notice USN-1305-1
December 13, 2011

nova vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10

Summary:

Nova could be made to overwrite files.

Software Description:
- nova: OpenStack Compute cloud infrastructure

Details:

David Black discovered that Nova did not properly perform input validation
during image registration. An attacker could exploit this by registering a
crafted image using the EC2 API or S3/RegisterImage method and overwrite
files as the nova user.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  python-nova                     2011.3-0ubuntu6.3

In general, a standard system update will make all the necessary changes.

References:
  
  CVE-2011-4596

Package Information:
  https://launchpad.net/ubuntu/+source/nova/2011.3-0ubuntu6.3

Ubuntu 11.10 Critical: USN-1305-1 Nova File Overwrite Issue

ubuntu
Calendar Grey December 13, 2011
Dist Ubuntu Esm H88
The Nova vulnerability in Ubuntu 11.10 presents serious risks tied to data overwrite, allowing potential unauthorized access to sensitive data. Users must urgently install the latest Canonical updates that include vital patches to shield their systems. Administrators should perform complete system audits and confirm that robust security measures are in place to defend against these exploits
Nova could be made to overwrite files.

Summary

Topics%20covered

Topics Covered

security advisory critical file overwrite input validation ubuntu cloud infrastructure nova

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: python-nova 2011.3-0ubuntu6.3 In general, a standard system update will make all the necessary changes.

References

CVE-2011-4596

Severity
critical
Lowest
Low
Medium
High
Critical

December 13, 2011

Topics%20covered

Topics Covered

security advisory critical file overwrite input validation ubuntu cloud infrastructure nova

Package Information

https://launchpad.net/ubuntu/+source/nova/2011.3-0ubuntu6.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here