[OSSA 2013-026] Some sequence of characters in console-log can DoS nova-compute (CVE-2013-4261)
Bug #1215091 reported by
Thierry Carrez
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Compute (nova) |
Invalid
|
High
|
Michael Still | ||
| Grizzly |
Fix Released
|
High
|
Unassigned | ||
| OpenStack Security Advisory |
Fix Released
|
High
|
Thierry Carrez | ||
| oslo-incubator |
Invalid
|
Undecided
|
Unassigned | ||
| Folsom |
Fix Committed
|
Undecided
|
Unassigned | ||
| Grizzly |
Fix Committed
|
Undecided
|
Unassigned | ||
Bug Description
Reported publicly by Jaroslav Henner at: https:/
for some sequence of characters in the console-log, nova console-log displays:
ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500)
When console-log is ran often enough, it seems to be causeing death of nova-compute.
CVE References
| Changed in nova: | |
| status: | Incomplete → Invalid |
| Changed in oslo: | |
| status: | New → Invalid |
| Changed in ossa: | |
| status: | Triaged → In Progress |
| Changed in ossa: | |
| status: | In Progress → Fix Committed |
| no longer affects: | nova/folsom |
To post a comment you must log in.

mikal is working on fixing our old friend bug 832507, maybe he should take a look at this one as well.