CVE-2013-4185

Publication date 7 August 2013

Last updated 24 July 2024

Ubuntu priority

Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
nova	13.10 saucy	Not affected
	13.04 raring	Fixed 1:2013.1.3-0ubuntu1.1
	12.10 quantal	Fixed 2012.2.4-0ubuntu3.1
	12.04 LTS precise	Fixed 2012.1.3+stable-20130423-e52e6912-0ubuntu1.2
	10.04 LTS lucid	Not in release

Notes

jdstrand

Ubuntu 13.04 has fix in raring-updates

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
nova	Upstream: https://review.openstack.org/39541 Upstream: https://review.openstack.org/39543 Upstream: https://review.openstack.org/39544

References

Related Ubuntu Security Notices (USN)