USN-2325-1: OpenStack Nova vulnerability
Ubuntu Security Notice USN-2325-1
21st August, 2014
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
OpenStack Nova could be made to expose sensitive information over the network.
- nova - OpenStack Compute cloud infrastructure
Alex Gaynor discovered that OpenStack Nova would sometimes respond with
variable times when comparing authentication tokens. If nova were
configured to proxy metadata requests via Neutron, a remote authenticated
attacker could exploit this to conduct timing attacks and ascertain
configuration details of another instance.
The problem can be corrected by updating your system to the following package version:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.