[Openstack-devel] Bug#701773: nova: CVE-2013-0335: VNC proxy can connect to the wrong VM
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 26 22:28:56 UTC 2013
Package: nova
Version: 2012.1.1-13
Severity: important
Tags: security
Hi,
the following vulnerability was published for nova.
CVE-2013-0335[0]:
VNC proxy can connect to the wrong VM
See also the announcement[1].
Patches for folsom are available[2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2013-0335
[1] http://marc.info/?l=oss-security&m=136190371727273&w=2
[2] https://review.openstack.org/#/c/22758/
At first glance it looks nova in testing/unstable and also
experimental are affected, could you please double-check?
Could you prepare a fixed pckage for unstable only containing the
needed change and contact the release team?
I have choosen severity important here. If I understand the issue
correctly, it would be possible for a user accessing a VM he does not
own.
Regards,
Salvatore
More information about the Openstack-devel
mailing list