Release date:
Updated on:
Affected Systems:
RedHat Fedora 16
Ubuntu Linux 12.04 LTS i386
Ubuntu Linux 12.04 LTS amd64
Ubuntu Linux 11.10 i386
Ubuntu Linux 11.10 amd64
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53875
Cve id: CVE-2012-2654
OpenStack Compute (Nova) is a cloud computing constructor written in Python and is part of the laaS system.
After a security group is created, the network protocol is not completely specified in lowercase letters. OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), Diablo (2011.3) the EC2 and OS APIs in do not correctly check the protocol and allow remote attackers to bypass the target access restriction.
<* Source: HP Cloud Services
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
RedHat
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.redhat.com/apps/support/errata/index.html