USN-1438-1: Nova vulnerability

3 May 2012

nova vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
  • Ubuntu 11.10


Nova could be made to crash the system under certain conditions.

Software Description

  • nova - OpenStack Compute cloud infrastructure


Dan Prince discovered that Nova did not enforce quotas for security groups and rules added to security groups. An authenticated user could exploit this to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS
python-nova - 2012.1-0ubuntu2.1
Ubuntu 11.10
python-nova - 2011.3-0ubuntu6.6

To update your system, please follow these instructions:

In general, a standard system update will make all the necessary changes.