CVE 2013-1664
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.
Related bugs and status
CVE-2013-1664 (Candidate) is related to these bugs:
Bug #921774: snapshot stays in saving state if the vm base image is deleted
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 921774 | snapshot stays in saving state if the vm base image is deleted | OpenStack Compute (nova) | High | Fix Released | ||
| 921774 | snapshot stays in saving state if the vm base image is deleted | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 921774 | snapshot stays in saving state if the vm base image is deleted | nova (Ubuntu) | Undecided | Fix Released | ||
| 921774 | snapshot stays in saving state if the vm base image is deleted | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1004791: When attach volume lost attach when node restart
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1004791 | When attach volume lost attach when node restart | OpenStack Compute (nova) | High | Fix Released | ||
| 1004791 | When attach volume lost attach when node restart | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 1004791 | When attach volume lost attach when node restart | nova (Ubuntu) | Undecided | Fix Released | ||
| 1004791 | When attach volume lost attach when node restart | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1026210: Nova flavor ephemeral space size reported incorrectly
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1026210 | Nova flavor ephemeral space size reported incorrectly | OpenStack Compute (nova) | Undecided | Fix Released | ||
| 1026210 | Nova flavor ephemeral space size reported incorrectly | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 1026210 | Nova flavor ephemeral space size reported incorrectly | nova (Ubuntu) | Undecided | Fix Released | ||
| 1026210 | Nova flavor ephemeral space size reported incorrectly | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1029430: KVM guests networking issues with no virbr0 and with vhost_net kernel modules loaded
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1029430 | KVM guests networking issues with no virbr0 and with vhost_net kernel modules loaded | libvirt (Ubuntu) | Low | Won't Fix | ||
| 1029430 | KVM guests networking issues with no virbr0 and with vhost_net kernel modules loaded | OpenStack Compute (nova) | Medium | Fix Released | ||
| 1029430 | KVM guests networking issues with no virbr0 and with vhost_net kernel modules loaded | nova (Ubuntu) | High | Fix Released | ||
| 1029430 | KVM guests networking issues with no virbr0 and with vhost_net kernel modules loaded | OpenStack Compute (nova) folsom | Medium | Fix Released | ||
| 1029430 | KVM guests networking issues with no virbr0 and with vhost_net kernel modules loaded | Ubuntu Cloud Archive | Undecided | Fix Released | ||
| 1029430 | KVM guests networking issues with no virbr0 and with vhost_net kernel modules loaded | nova (Ubuntu Quantal) | Undecided | Fix Released | ||
Bug #1040537: Bridge port's hairpin mode not set after resuming a machine
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1040537 | Bridge port's hairpin mode not set after resuming a machine | OpenStack Compute (nova) | High | Fix Released | ||
| 1040537 | Bridge port's hairpin mode not set after resuming a machine | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 1040537 | Bridge port's hairpin mode not set after resuming a machine | nova (Ubuntu) | Undecided | Fix Released | ||
| 1040537 | Bridge port's hairpin mode not set after resuming a machine | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1043999: nova usage-list returns wrong usage
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1043999 | nova usage-list returns wrong usage | OpenStack Compute (nova) | High | Fix Released | ||
| 1043999 | nova usage-list returns wrong usage | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 1043999 | nova usage-list returns wrong usage | nova (Ubuntu) | Undecided | Fix Released | ||
| 1043999 | nova usage-list returns wrong usage | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1045152: Heavily loaded nova-compute instances don't sent reports frequently enough
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1045152 | Heavily loaded nova-compute instances don't sent reports frequently enough | OpenStack Compute (nova) | High | Fix Released | ||
| 1045152 | Heavily loaded nova-compute instances don't sent reports frequently enough | oslo-incubator | High | Invalid | ||
| 1045152 | Heavily loaded nova-compute instances don't sent reports frequently enough | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 1045152 | Heavily loaded nova-compute instances don't sent reports frequently enough | nova (Ubuntu) | Undecided | Fix Released | ||
| 1045152 | Heavily loaded nova-compute instances don't sent reports frequently enough | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1046313: At termination, LXC rootfs is not always unmounted before rmtree() is called
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1046313 | At termination, LXC rootfs is not always unmounted before rmtree() is called | OpenStack Compute (nova) | High | Fix Released | ||
| 1046313 | At termination, LXC rootfs is not always unmounted before rmtree() is called | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 1046313 | At termination, LXC rootfs is not always unmounted before rmtree() is called | nova (Ubuntu) | Undecided | Fix Released | ||
| 1046313 | At termination, LXC rootfs is not always unmounted before rmtree() is called | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1046905: Memcached Token Backend does not support list tokens
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1046905 | Memcached Token Backend does not support list tokens | OpenStack Identity (keystone) | Critical | Fix Released | ||
| 1046905 | Memcached Token Backend does not support list tokens | OpenStack Identity (keystone) essex | Critical | Fix Released | ||
| 1046905 | Memcached Token Backend does not support list tokens | keystone (Ubuntu) | Undecided | Fix Released | ||
| 1046905 | Memcached Token Backend does not support list tokens | keystone (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1050025: Token invalidation in case of role grant/revoke should be limited to affected tenant
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1050025 | Token invalidation in case of role grant/revoke should be limited to affected tenant | OpenStack Identity (keystone) | Medium | Fix Released | ||
| 1050025 | Token invalidation in case of role grant/revoke should be limited to affected tenant | OpenStack Identity (keystone) essex | Medium | Fix Released | ||
| 1050025 | Token invalidation in case of role grant/revoke should be limited to affected tenant | keystone (Ubuntu) | Undecided | Fix Released | ||
| 1050025 | Token invalidation in case of role grant/revoke should be limited to affected tenant | keystone (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1050982: ensure_default_security_group() does not call sgh
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1050982 | ensure_default_security_group() does not call sgh | OpenStack Compute (nova) | High | Fix Released | ||
| 1050982 | ensure_default_security_group() does not call sgh | OpenStack Compute (nova) essex | High | Fix Released | ||
| 1050982 | ensure_default_security_group() does not call sgh | OpenStack Compute (nova) folsom | High | Fix Released | ||
| 1050982 | ensure_default_security_group() does not call sgh | nova (Ubuntu) | Undecided | Fix Released | ||
| 1050982 | ensure_default_security_group() does not call sgh | nova (Ubuntu Quantal) | Undecided | Fix Released | ||
| 1050982 | ensure_default_security_group() does not call sgh | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1056373: memcache driver needs protection against unicode user keys
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1056373 | memcache driver needs protection against unicode user keys | OpenStack Identity (keystone) | Critical | Fix Released | ||
| 1056373 | memcache driver needs protection against unicode user keys | OpenStack Identity (keystone) essex | Critical | Fix Released | ||
| 1056373 | memcache driver needs protection against unicode user keys | keystone (Ubuntu) | Undecided | Fix Released | ||
| 1056373 | memcache driver needs protection against unicode user keys | keystone (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1075859: use_single_default_gateway does not function correctly
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1075859 | use_single_default_gateway does not function correctly | OpenStack Compute (nova) | Medium | Fix Released | ||
| 1075859 | use_single_default_gateway does not function correctly | OpenStack Compute (nova) folsom | Medium | Fix Released | ||
| 1075859 | use_single_default_gateway does not function correctly | nova (Ubuntu) | Undecided | Fix Released | ||
| 1075859 | use_single_default_gateway does not function correctly | nova (Ubuntu Quantal) | Undecided | Fix Released | ||
| 1075859 | use_single_default_gateway does not function correctly | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1079745: Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes attached
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1079745 | Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes attached | OpenStack Compute (nova) | Undecided | Invalid | ||
| 1079745 | Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes attached | nova (Ubuntu) | Undecided | Fix Released | ||
| 1079745 | Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes attached | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1089337: Please backport Django 1.3.5/1.4.3 security updates
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu) | Medium | Fix Released | ||
| 1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Lucid) | Medium | Fix Released | ||
| 1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Oneiric) | Medium | Fix Released | ||
| 1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Raring) | Medium | Fix Released | ||
| 1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Precise) | Medium | Fix Released | ||
| 1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Quantal) | Medium | Fix Released | ||
Bug #1089488: Meta bug for tracking Openstack Stable Updates
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1089488 | Meta bug for tracking Openstack Stable Updates | nova (Ubuntu) | Undecided | Invalid | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | horizon (Ubuntu) | Undecided | Invalid | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | keystone (Ubuntu) | Undecided | Invalid | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | horizon (Ubuntu Precise) | Undecided | Fix Released | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | keystone (Ubuntu Precise) | Undecided | Fix Released | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | glance (Ubuntu) | Undecided | Fix Released | ||
Bug #1091939: nova-network applies too liberal a SNAT rule
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1091939 | nova-network applies too liberal a SNAT rule | nova (Ubuntu) | High | Fix Released | ||
| 1091939 | nova-network applies too liberal a SNAT rule | nova (Ubuntu Precise) | High | Fix Released | ||
| 1091939 | nova-network applies too liberal a SNAT rule | OpenStack Compute (nova) | Undecided | Invalid | ||
Bug #1100282: [OSSA 2013-004] DoS through XML entity expansion (CVE-2013-1664)
Bug #1116671: Meta bug for tracking Openstack 2012.2.3 Stable Update
Bug #1130445: Security releases issued - Django 1.3.6, Django 1.4.4
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu) | Medium | Fix Released | ||
| 1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Lucid) | Medium | Fix Released | ||
| 1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Oneiric) | Medium | Fix Released | ||
| 1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Quantal) | Medium | Fix Released | ||
| 1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Raring) | Medium | Fix Released | ||
| 1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Precise) | Medium | Fix Released | ||
Bug #1150720: [SRU] There is now a dependency on paramiko v1.8.0
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1150720 | [SRU] There is now a dependency on paramiko v1.8.0 | Cinder | High | Fix Released | ||
| 1150720 | [SRU] There is now a dependency on paramiko v1.8.0 | paramiko (Ubuntu) | High | Fix Released | ||
| 1150720 | [SRU] There is now a dependency on paramiko v1.8.0 | paramiko (Ubuntu Raring) | High | Fix Released | ||
| 1150720 | [SRU] There is now a dependency on paramiko v1.8.0 | paramiko (Ubuntu Precise) | High | Fix Released | ||
| 1150720 | [SRU] There is now a dependency on paramiko v1.8.0 | paramiko (Ubuntu Quantal) | High | Fix Released | ||
| 1150720 | [SRU] There is now a dependency on paramiko v1.8.0 | cinder (Ubuntu) | High | Fix Released | ||
| 1150720 | [SRU] There is now a dependency on paramiko v1.8.0 | cinder (Ubuntu Raring) | High | Won't Fix | ||
| 1150720 | [SRU] There is now a dependency on paramiko v1.8.0 | Cinder folsom | High | Fix Released | ||
Bug #1179707: Meta bug for tracking OpenStack 2012.2.4 Stable Update
See the 
CVE page on Mitre.org
for more details.
