On December 12, Canonical published in a security notice details about a Bind vulnerability for its Ubuntu 12.10 (Quantal Quetzal) operating system. According to Canonical, Nova could have been made to expose sensitive information.
Eric Windisch discovered that Nova did not properly clear the LVM-backed images before they were reallocated, which could potentially lead to an information leak. This issue only affected setups using libvirt LVM-backed instances.
For a more detailed description of the security problems, you can visit Canonical's security
notification.
Users can simply fix the security flaws by upgrading the operating systems to the latest python-nova specific to each distribution.
A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.
To update your system you can follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
Find us on Google+
No user comments yet.
Be the first to express your opinion!
