OSSA-2013-030: XenAPI security groups not kept through migrate or resize

OSSA-2013-030: XenAPI security groups not kept through migrate or resize¶

Date:: November 14, 2013
CVE:: CVE-2013-4497

Affects¶

Nova: All supported versions prior to Havana

Description¶

Chris Behrens with Rackspace and Vangelis Tasoulas reported a set of vulnerabilities in OpenStack Nova’s XenAPI hypervisor backend. When migrating or resizing an instance, including live migration, existing security groups may not be reapplied after the operation completes. This can lead to unintentional network exposure for virtual machines. Only setups using the XenAPI backend are affected.

Patches¶

https://review.openstack.org/#/c/52987 (Grizzly)
https://review.openstack.org/#/c/52989 (Grizzly)

Credits¶

Chris Behrens from Rackspace (CVE-2013-4497)
Vangelis Tasoulas (CVE-2013-4497)

References¶

this page last updated: 2024-03-18 15:52:07

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.