Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Ubuntu 12.10 USN-2208-2 High: OpenStack Quantum Network Threat

Calendar May 06, 2014 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory high ubuntu data exposure network threat openstack
OpenStack Quantum could be made to expose sensitive information over the network. 

=========================================================================Ubuntu Security Notice USN-2208-2
May 06, 2014

quantum vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10

Summary:

OpenStack Quantum could be made to expose sensitive information over the
network.

Software Description:
- quantum: OpenStack Virtual Network Service

Details:

USN-2208-1 fixed vulnerabilities in OpenStack Cinder. This update provides
the corresponding updates for OpenStack Quantum.

Original advisory details:

 JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce
 SSL connections when Nova was configured to use QPid and qpid_protocol is
 set to 'ssl'. If a remote attacker were able to perform a man-in-the-middle
 attack, this flaw could be exploited to view sensitive information. Ubuntu
 does not use QPid with Nova by default.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
  python-quantum                  2012.2.4-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2208-2
  https://ubuntu.com/security/notices/USN-2208-1
  CVE-2013-6491

Package Information:
  https://launchpad.net/ubuntu/+source/quantum/2012.2.4-0ubuntu1.1

Ubuntu 12.10 USN-2208-2 High: OpenStack Quantum Network Threat

ubuntu
Calendar Grey May 6, 2014
Dist Ubuntu Esm H88
OpenStack Neutron flaw may leak confidential information across networks. Ensure your Ubuntu installation is updated for safeguarding.
OpenStack Quantum could be made to expose sensitive information over the network.

Summary

Topics%20covered

Topics Covered

security advisory high ubuntu data exposure network threat openstack

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: python-quantum 2012.2.4-0ubuntu1.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2208-2

https://ubuntu.com/security/notices/USN-2208-1

CVE-2013-6491

Severity
important
Lowest
Low
Medium
High
Critical

=========================================================================Ubuntu Security Notice USN-2208-2

Topics%20covered

Topics Covered

security advisory high ubuntu data exposure network threat openstack

Package Information

https://launchpad.net/ubuntu/+source/quantum/2012.2.4-0ubuntu1.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here