14 DAY TRIAL // On February 20, Canonical published in a security notice details about OpenStack Cinder vulnerability for its Ubuntu 12.10 and Ubuntu 12.04 operating systems.
According to Canonical, Cinder could be made to crash if it received specially crafted input.
It was discovered that Cinder would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Cinder API to cause a denial of service via resource exhaustion.
For a more detailed description of the security problems, you can visit Canonical's security notification.
The security flaws can be fixed if you upgrade your system(s) to the latest python-cinder package specific to each distribution. To apply the update, run the Update Manager application.
In general, a standard system update will make all the necessary changes. A system restart will not be needed to implement the changes.
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.