[Openstack-devel] Bug#708515: keystone: CVE-2013-2014 DoS via large POST requests
Nico Golde
nion at debian.org
Thu May 16 09:22:56 UTC 2013
Package: keystone
Severity: grave
Tags: security patch
Hi,
the following vulnerability was published for keystone.
CVE-2013-2014[0]:
| Concurrent requests with large POST body can crash the keystone process.
| This can be used by Malicious and lead to DOS to Cloud Service Provider.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
Upstream patch: https://review.openstack.org/#/c/22661/
Seems to be fixed for experimental in 2013.1-1.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2014
http://security-tracker.debian.org/tracker/CVE-2013-2014
--
Nico Golde - XMPP: nion at jabber.ccc.de - GPG: 0xA0A0AAAA
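
An added example, not part of the original message and not the upstream Keystone patch: a WSGI middleware that bounds request body size, one general mitigation for the class of issue described above. The class names and the `MAX_BODY_BYTES` value are assumptions chosen for illustration.

```python
import io

MAX_BODY_BYTES = 112 * 1024  # assumed limit for this example; tune per deployment

class RequestTooLarge(Exception):
    """Raised when more body bytes arrive than the limit allows."""

class LimitedReader:
    """Wraps wsgi.input so a body with a missing or wrong Content-Length is still capped."""

    def __init__(self, stream, limit):
        self.stream = stream
        self.remaining = limit

    def read(self, size=-1):
        # Never pull more than one byte past the limit into memory.
        if size is None or size < 0 or size > self.remaining + 1:
            size = self.remaining + 1
        data = self.stream.read(size)
        self.remaining -= len(data)
        if self.remaining < 0:
            raise RequestTooLarge()
        return data

class BodySizeLimit:
    """WSGI middleware: reject oversized bodies before the application reads them."""

    def __init__(self, app, max_bytes=MAX_BODY_BYTES):
        self.app = app
        self.max_bytes = max_bytes

    def __call__(self, environ, start_response):
        try:
            declared = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            return self.reject(start_response, "400 Bad Request")
        if declared < 0:
            return self.reject(start_response, "400 Bad Request")
        if declared > self.max_bytes:
            return self.reject(start_response, "413 Request Entity Too Large")
        environ["wsgi.input"] = LimitedReader(environ["wsgi.input"], self.max_bytes)
        try:
            return self.app(environ, start_response)
        except RequestTooLarge:
            return self.reject(start_response, "413 Request Entity Too Large")

    def reject(self, start_response, status):
        start_response(status, [("Content-Type", "text/plain"), ("Content-Length", "0")])
        return [b""]
```

The declared length is checked first so an oversized request is refused without reading it; the reader wrapper covers bodies sent without a Content-Length header.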