yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1215091] Re: [OSSA 2013-026] Some sequence of characters in console-log can DoS nova-compute (CVE-2013-4261)

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Adam Gandelman <1215091@xxxxxxxxxxxxxxxxxx>
Date: Thu, 17 Oct 2013 19:42:57 -0000
Reply-to: Bug 1215091 <1215091@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: nova/grizzly
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1215091

Title:
  [OSSA 2013-026] Some sequence of characters in console-log can DoS
  nova-compute (CVE-2013-4261)

Status in OpenStack Compute (Nova):
  Invalid
Status in OpenStack Compute (nova) folsom series:
  Fix Committed
Status in OpenStack Compute (nova) grizzly series:
  Fix Released
Status in Oslo - a Library of Common OpenStack Code:
  Invalid
Status in oslo folsom series:
  Fix Committed
Status in oslo grizzly series:
  Fix Committed
Status in OpenStack Security Advisories:
  Fix Released

Bug description:
  Reported publicly by Jaroslav Henner at:
  https://bugzilla.redhat.com/show_bug.cgi?id=999164

  for some sequence of characters in the console-log, nova console-log displays:
  ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500)

  When console-log is ran often enough, it seems to be causeing death of
  nova-compute.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1215091/+subscriptions