logo
DATABASE RESOURCES PRICING ABOUT US

OpenStack Nova vulnerabilities

Description

George Shuklin discovered that OpenStack Nova incorrectly handled the migration process. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-3241) George Shuklin and Tushar Patil discovered that OpenStack Nova incorrectly handled deleting instances. A remote authenticated user could use this issue to consume disk resources, resulting in a denial of service. (CVE-2015-3280) It was discovered that OpenStack Nova incorrectly limited qemu-img calls. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-5162) Matthew Booth discovered that OpenStack Nova incorrectly handled snapshots. A remote authenticated user could use this issue to read arbitrary files. (CVE-2015-7548) Sreekumar S. and Suntao discovered that OpenStack Nova incorrectly applied security group changes. A remote attacker could possibly use this issue to bypass intended restriction changes by leveraging an instance that was running when the change was made. (CVE-2015-7713) Matt Riedemann discovered that OpenStack Nova incorrectly handled logging. A local attacker could possibly use this issue to obtain sensitive information from log files. (CVE-2015-8749) Matthew Booth discovered that OpenStack Nova incorrectly handled certain qcow2 headers. A remote authenticated user could possibly use this issue to read arbitrary files. (CVE-2016-2140)


Affected Package


OS OS Version Package Name Package Version
Ubuntu 14.04 python-nova 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-ajax-console-proxy 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-api 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-api-ec2 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-api-metadata 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-api-os-compute 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-api-os-volume 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-baremetal 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-cells 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-cert 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-common 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-compute 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-compute-kvm 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-compute-libvirt 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-compute-lxc 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-compute-qemu 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-compute-vmware 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-compute-xen 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-conductor 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-console 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-consoleauth 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-doc 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-network 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-novncproxy 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-objectstore 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-scheduler 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-spiceproxy 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-volume 1:2014.1.5-0ubuntu1.7
Ubuntu 14.04 nova-xvpvncproxy 1:2014.1.5-0ubuntu1.7

Related