Comment 11 for bug 969545

Russell Bryant (russellb) wrote:

Regarding the release date, we could do Thursday, April 19th, but I need a commitment from you guys to get the patch approved through gerrit while we're at the conference. If you're not comfortable with that, let's push it to Tuesday, April 24.

Proposed description:

Title: No quota enforced on security group rules
Impact: High
Reporter: Dan Prince <email address hidden>
Products: Nova
Affects: All versions

Description:
Dan Prince reported a vulnerability in Nova. He discovered that there was no limit on the number of security group rules a user can create. By creating a very large set of rules, an unreasonable number of iptables rules will be created on compute nodes, resulting in a denial of service.