Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 544
Alerts This Week
Warning Icon 1 544

Ubuntu 14.04 LTS USN-2407-1 Moderate: Nova Sensitive Data Exposure

ubuntu
Calendar Grey November 11, 2014
Scroller Ubuntu Esm H88
Ubuntu Security Notice USN-2407-1 outlines vulnerabilities identified in OpenStack Nova, highlights possible exploitation vectors, and suggests necessary updates.
OpenStack Nova could be made to expose sensitive information.

Summary

OpenStack Nova could be made to expose sensitive information.

Software Description:

- nova: OpenStack Compute cloud infrastructure

Details:

Garth Mollett discovered that OpenStack Nova did not properly clean up an

instance when using rescue mode with the VMWare driver. A remove

authenticated user could exploit this to bypass intended quota limits. By

default, Ubuntu does not use the VMWare driver. (CVE-2014-3608)

Amrith Kumar discovered that OpenStack Nova did not properly sanitize log

message contents. Under certain circumstances, a local attacker with read

access to Nova log files could obtain access to sensitive information.

(CVE-2014-7230)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  python-nova                     1:2014.1.3-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References

CVE-2014-3608, CVE-2014-7230

=========================================================================Ubuntu Security Notice USN-2407-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.