First published: Wed Aug 21 2013(Updated: )
Jaroslav Henner (jhenner) reports: When console-log is run often enough, it seems to be causing death of nova-compute.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
OpenStack Folsom | <=- | |
OpenStack Grizzly | <=- | |
redhat openstack | =3.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-4261 has a moderate severity level, as it can cause nova-compute processes to terminate unexpectedly.
To fix CVE-2013-4261, upgrade to a version of OpenStack that is not affected, particularly later versions than Folsom and Grizzly.
CVE-2013-4261 affects OpenStack Compute (Nova) versions Folsom, Grizzly, and earlier when using Apache Qpid.
To mitigate the risks of CVE-2013-4261, monitor nova-compute logs for errors and consider rate limiting console-log usage.
A possible workaround for CVE-2013-4261 is to avoid using Apache Qpid for the RPC backend in affected OpenStack deployments.