Ubuntu 12.04 LTS / 12.10 / 13.04 : nova vulnerabilities (USN-2000-1)

It was discovered that Nova did not properly enforce the ispublic property when determining flavor access. An authenticated attacker could exploit this to obtain sensitive information in private flavors. This issue only affected Ubuntu 12.10 and 13.10. CVE-2013-2256, CVE-2013-4278 Grant Murphy...

CVE-2013-4261

OpenStack Compute Nova Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service connection pool consumption, as demonstrated using multiple requests that send...