OpenStack Nova Vulnerabilities Found and Fixed in Ubuntu 13.10 and Ubuntu 14.04 LTS

Users have been advised to upgrade their systems in order to fix the problems

Canonical has announced that a few OpenStack Nova vulnerabilities have been found in its Ubuntu 14.04 LTS, Ubuntu 13.10, Ubuntu 12.10, and Ubuntu 12.04 LTS operating systems.

Ubuntu developers have issued yet another patch for a few of the supported operating systems, this time for OpenStack Nova

“Darragh O'Reilly discovered that OpenStack Nova did not properly set up its sudo configuration. If a different flaw was found in OpenStack Nova, this vulnerability could be used to escalate privileges. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS,” reads the security notice.

Also, another developer, Loganathan Parthipan, found that OpenStack Nova did not properly create expected files during KVM live block migration. This exploit could have allowed a remote authenticated attacker to obtain root disk snapshot contents.

These are just two of the vulnerabilities that have been found and fixed. For a more detailed description of the problems, you can see Canonical's security notification. Users have been advised to upgrade their systems as soon as possible.

The flaws can be fixed if you upgrade your system(s) to the latest python-nova packages specific to each distribution. To apply the patch, run the Update Manager application.

In general, a standard system update will make all the necessary changes and users won't have to restart the PC or the laptop in order to apply the patch.

Hot right now  ·  Latest news