CVE 2012-2101
Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.
Related bugs and status
CVE-2012-2101 (Candidate) is related to these bugs:
Bug #754900: [SRU] Nova-manage network delete does not delete from fixed_ips
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 754900 | [SRU] Nova-manage network delete does not delete from fixed_ips | OpenStack Compute (nova) | Medium | Fix Released | ||
| 754900 | [SRU] Nova-manage network delete does not delete from fixed_ips | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 754900 | [SRU] Nova-manage network delete does not delete from fixed_ips | nova (Ubuntu) | Undecided | Fix Released | ||
| 754900 | [SRU] Nova-manage network delete does not delete from fixed_ips | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #952176: [SRU] Cannot associate a second network/vlan to a tenant with "nova-manage network modify"
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 952176 | [SRU] Cannot associate a second network/vlan to a tenant with "nova-manage network modify" | OpenStack Compute (nova) | Medium | Fix Released | ||
| 952176 | [SRU] Cannot associate a second network/vlan to a tenant with "nova-manage network modify" | nova (Ubuntu) | Undecided | Fix Released | ||
| 952176 | [SRU] Cannot associate a second network/vlan to a tenant with "nova-manage network modify" | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 952176 | [SRU] Cannot associate a second network/vlan to a tenant with "nova-manage network modify" | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
Bug #962615: [SRU] Unable to list volumes after building from snapshot
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 962615 | [SRU] Unable to list volumes after building from snapshot | OpenStack Compute (nova) | High | Fix Released | ||
| 962615 | [SRU] Unable to list volumes after building from snapshot | OpenStack Compute (nova) essex | High | Fix Released | ||
| 962615 | [SRU] Unable to list volumes after building from snapshot | OpenStack Compute (nova) folsom | High | Fix Released | ||
| 962615 | [SRU] Unable to list volumes after building from snapshot | nova (Ubuntu) | Undecided | Fix Released | ||
| 962615 | [SRU] Unable to list volumes after building from snapshot | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #967931: [SRU] killfilter should handle updated/deleted executables
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 967931 | [SRU] killfilter should handle updated/deleted executables | OpenStack Compute (nova) | Medium | Fix Released | ||
| 967931 | [SRU] killfilter should handle updated/deleted executables | nova (Ubuntu) | Undecided | Fix Released | ||
| 967931 | [SRU] killfilter should handle updated/deleted executables | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 967931 | [SRU] killfilter should handle updated/deleted executables | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
Bug #968843: [SRU] connection leak in rpc connection pool
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 968843 | [SRU] connection leak in rpc connection pool | OpenStack Compute (nova) | High | Fix Released | ||
| 968843 | [SRU] connection leak in rpc connection pool | nova (Ubuntu) | Undecided | Fix Released | ||
| 968843 | [SRU] connection leak in rpc connection pool | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 968843 | [SRU] connection leak in rpc connection pool | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
Bug #969545: missing quotas on security group rules
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 969545 | missing quotas on security group rules | OpenStack Compute (nova) | High | Fix Released | ||
| 969545 | missing quotas on security group rules | OpenStack Compute (nova) essex | High | Fix Released | ||
| 969545 | missing quotas on security group rules | nova (Ubuntu) | Undecided | Fix Released | ||
| 969545 | missing quotas on security group rules | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #971640: [SRU] public key injection should be configurable
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 971640 | [SRU] public key injection should be configurable | OpenStack Compute (nova) | Medium | Fix Released | ||
| 971640 | [SRU] public key injection should be configurable | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 971640 | [SRU] public key injection should be configurable | nova (Ubuntu) | Undecided | Fix Released | ||
| 971640 | [SRU] public key injection should be configurable | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 971640 | [SRU] public key injection should be configurable | nova (Ubuntu Quantal) | Undecided | Fix Released | ||
Bug #973194: [SRU] Parallel VM creation fails when nova-computes share the disks and each nova-compute node has no cached images.
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 973194 | [SRU] Parallel VM creation fails when nova-computes share the disks and each nova-compute node has no cached images. | OpenStack Compute (nova) | Medium | Fix Released | ||
| 973194 | [SRU] Parallel VM creation fails when nova-computes share the disks and each nova-compute node has no cached images. | nova (Ubuntu) | Undecided | Fix Released | ||
| 973194 | [SRU] Parallel VM creation fails when nova-computes share the disks and each nova-compute node has no cached images. | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 973194 | [SRU] Parallel VM creation fails when nova-computes share the disks and each nova-compute node has no cached images. | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
Bug #975043: [SRU] Cloudpipe VPN instance can loose connectivity after starting openvpn
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 975043 | [SRU] Cloudpipe VPN instance can loose connectivity after starting openvpn | OpenStack Compute (nova) | Low | Fix Released | ||
| 975043 | [SRU] Cloudpipe VPN instance can loose connectivity after starting openvpn | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 975043 | [SRU] Cloudpipe VPN instance can loose connectivity after starting openvpn | nova (Ubuntu) | Undecided | Fix Released | ||
| 975043 | [SRU] Cloudpipe VPN instance can loose connectivity after starting openvpn | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #977759: [SRU] With QuantumManager, nova-network does not start dnsmasq during initialization
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 977759 | [SRU] With QuantumManager, nova-network does not start dnsmasq during initialization | OpenStack Compute (nova) | Medium | Fix Released | ||
| 977759 | [SRU] With QuantumManager, nova-network does not start dnsmasq during initialization | nova (Ubuntu) | Undecided | Fix Released | ||
| 977759 | [SRU] With QuantumManager, nova-network does not start dnsmasq during initialization | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 977759 | [SRU] With QuantumManager, nova-network does not start dnsmasq during initialization | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
Bug #983206: [SRU] nova errors when keypair starts with 0XG using EC2 API
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 983206 | [SRU] nova errors when keypair starts with 0XG using EC2 API | OpenStack Compute (nova) | Low | Fix Released | ||
| 983206 | [SRU] nova errors when keypair starts with 0XG using EC2 API | nova (Ubuntu) | Undecided | Fix Released | ||
| 983206 | [SRU] nova errors when keypair starts with 0XG using EC2 API | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 983206 | [SRU] nova errors when keypair starts with 0XG using EC2 API | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
Bug #987335: [SRU] libvit/connection.py missing console_log variable
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 987335 | [SRU] libvit/connection.py missing console_log variable | OpenStack Compute (nova) | Medium | Fix Released | ||
| 987335 | [SRU] libvit/connection.py missing console_log variable | nova (Ubuntu) | Undecided | Fix Released | ||
| 987335 | [SRU] libvit/connection.py missing console_log variable | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 987335 | [SRU] libvit/connection.py missing console_log variable | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
Bug #988615: [SRU] xen: destroy_vdi breaks because session is not passed in
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 988615 | [SRU] xen: destroy_vdi breaks because session is not passed in | OpenStack Compute (nova) | Medium | Fix Released | ||
| 988615 | [SRU] xen: destroy_vdi breaks because session is not passed in | OpenStack Compute (nova) essex | Medium | Fix Released | ||
| 988615 | [SRU] xen: destroy_vdi breaks because session is not passed in | nova (Ubuntu) | Undecided | Fix Released | ||
| 988615 | [SRU] xen: destroy_vdi breaks because session is not passed in | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #989764: [SRU] timeout on EC2 CreateImage action is 60 hours instead of 1 hour
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 989764 | [SRU] timeout on EC2 CreateImage action is 60 hours instead of 1 hour | OpenStack Compute (nova) | Low | Fix Released | ||
| 989764 | [SRU] timeout on EC2 CreateImage action is 60 hours instead of 1 hour | nova (Ubuntu) | Undecided | Fix Released | ||
| 989764 | [SRU] timeout on EC2 CreateImage action is 60 hours instead of 1 hour | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 989764 | [SRU] timeout on EC2 CreateImage action is 60 hours instead of 1 hour | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
Bug #990237: [sru] libvirt get_console_output: 'instance_name' is not defined
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 990237 | [sru] libvirt get_console_output: 'instance_name' is not defined | OpenStack Compute (nova) | Medium | Fix Released | ||
| 990237 | [sru] libvirt get_console_output: 'instance_name' is not defined | nova (Ubuntu) | Undecided | Fix Released | ||
| 990237 | [sru] libvirt get_console_output: 'instance_name' is not defined | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 990237 | [sru] libvirt get_console_output: 'instance_name' is not defined | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
Bug #992916: [SRU] nova.tests.test_nova_rootwrap fails on Fedora 17
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 992916 | [SRU] nova.tests.test_nova_rootwrap fails on Fedora 17 | OpenStack Compute (nova) | Medium | Fix Released | ||
| 992916 | [SRU] nova.tests.test_nova_rootwrap fails on Fedora 17 | nova (Ubuntu) | Undecided | Fix Released | ||
| 992916 | [SRU] nova.tests.test_nova_rootwrap fails on Fedora 17 | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 992916 | [SRU] nova.tests.test_nova_rootwrap fails on Fedora 17 | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
Bug #993663: [SRU] dns_domains table mysql charset is 'latin1'. Should be 'utf8'
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 993663 | [SRU] dns_domains table mysql charset is 'latin1'. Should be 'utf8' | OpenStack Compute (nova) | Medium | Fix Released | ||
| 993663 | [SRU] dns_domains table mysql charset is 'latin1'. Should be 'utf8' | nova (Ubuntu) | Undecided | Fix Released | ||
| 993663 | [SRU] dns_domains table mysql charset is 'latin1'. Should be 'utf8' | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 993663 | [SRU] dns_domains table mysql charset is 'latin1'. Should be 'utf8' | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
Bug #997014: [SRU] Memory is not correctly computed for Xen+libvirt
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 997014 | [SRU] Memory is not correctly computed for Xen+libvirt | OpenStack Compute (nova) | High | Fix Released | ||
| 997014 | [SRU] Memory is not correctly computed for Xen+libvirt | nova (Ubuntu) | Undecided | Fix Released | ||
| 997014 | [SRU] Memory is not correctly computed for Xen+libvirt | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 997014 | [SRU] Memory is not correctly computed for Xen+libvirt | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 997014 | [SRU] Memory is not correctly computed for Xen+libvirt | nova (CentOS) | Undecided | New | ||
Bug #1000261: newer `qemu-img info` causes in exception when finding the backing file for qcow2 images
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1000261 | newer `qemu-img info` causes in exception when finding the backing file for qcow2 images | OpenStack Compute (nova) | Medium | Fix Released | ||
| 1000261 | newer `qemu-img info` causes in exception when finding the backing file for qcow2 images | nova (Ubuntu) | Undecided | Fix Released | ||
| 1000261 | newer `qemu-img info` causes in exception when finding the backing file for qcow2 images | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
Bug #1000403: [SRU] multi scheduler does not handle capabilities updates correctly
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1000403 | [SRU] multi scheduler does not handle capabilities updates correctly | OpenStack Compute (nova) | Low | Fix Released | ||
| 1000403 | [SRU] multi scheduler does not handle capabilities updates correctly | nova (Ubuntu) | Undecided | Fix Released | ||
| 1000403 | [SRU] multi scheduler does not handle capabilities updates correctly | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 1000403 | [SRU] multi scheduler does not handle capabilities updates correctly | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
Bug #1010473: [SRU] Tracker for 12.04 Openstack Updates
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1010473 | [SRU] Tracker for 12.04 Openstack Updates | nova (Ubuntu) | High | Fix Released | ||
| 1010473 | [SRU] Tracker for 12.04 Openstack Updates | glance (Ubuntu) | High | Fix Released | ||
| 1010473 | [SRU] Tracker for 12.04 Openstack Updates | keystone (Ubuntu) | High | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
