CVE-2012-2101

Publication date 19 April 2012

Last updated 24 July 2024

Ubuntu priority

Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
nova	12.10 quantal	Fixed 2012.1-0ubuntu2.1
	12.04 LTS precise	Fixed 2012.1-0ubuntu2.1
	11.10 oneiric	Fixed 2011.3-0ubuntu6.6
	11.04 natty	Ignored
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
nova	Upstream: a67db45 Upstream: 8c8735a

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1438-1
Nova vulnerability
3 May 2012

Other references

https://lists.launchpad.net/openstack/msg10268.html
https://www.cve.org/CVERecord?id=CVE-2012-2101