Launchpad CVE tracker

CVE 2013-1068

The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.

Related bugs and status

CVE-2013-1068 (Candidate) is related to these bugs:

Bug #1185019: rootwrap sudoers configuration does not follow packaging guidelines

		In	Importance	Status
1185019	rootwrap sudoers configuration does not follow packaging guidelines	nova (Ubuntu)	High	Fix Released
1185019	rootwrap sudoers configuration does not follow packaging guidelines	cinder (Ubuntu)	High	Fix Released
1185019	rootwrap sudoers configuration does not follow packaging guidelines	neutron (Ubuntu)	High	Fix Released
1185019	rootwrap sudoers configuration does not follow packaging guidelines	cinder (Ubuntu Saucy)	High	Fix Released
1185019	rootwrap sudoers configuration does not follow packaging guidelines	neutron (Ubuntu Saucy)	High	Fix Released
1185019	rootwrap sudoers configuration does not follow packaging guidelines	nova (Ubuntu Saucy)	High	Fix Released
1185019	rootwrap sudoers configuration does not follow packaging guidelines	cinder (Ubuntu Trusty)	High	Fix Released
1185019	rootwrap sudoers configuration does not follow packaging guidelines	neutron (Ubuntu Trusty)	High	Fix Released
1185019	rootwrap sudoers configuration does not follow packaging guidelines	nova (Ubuntu Trusty)	High	Fix Released
1185019	rootwrap sudoers configuration does not follow packaging guidelines	cinder (Ubuntu Utopic)	High	Fix Released
1185019	rootwrap sudoers configuration does not follow packaging guidelines	neutron (Ubuntu Utopic)	High	Fix Released
1185019	rootwrap sudoers configuration does not follow packaging guidelines	nova (Ubuntu Utopic)	High	Fix Released
1185019	rootwrap sudoers configuration does not follow packaging guidelines	ironic (Ubuntu)	Undecided	Fix Released
1185019	rootwrap sudoers configuration does not follow packaging guidelines	ironic (Ubuntu Utopic)	Undecided	Fix Released
1185019	rootwrap sudoers configuration does not follow packaging guidelines	manila (Ubuntu)	Undecided	Fix Released
1185019	rootwrap sudoers configuration does not follow packaging guidelines	manila (Ubuntu Utopic)	Undecided	Won't Fix

Bug #1328134: [SRU] icehouse 2014.1.1 point release

		In	Importance	Status
1328134	[SRU] icehouse 2014.1.1 point release	nova (Ubuntu)	Undecided	Invalid
1328134	[SRU] icehouse 2014.1.1 point release	ceilometer (Ubuntu)	Undecided	Invalid
1328134	[SRU] icehouse 2014.1.1 point release	cinder (Ubuntu)	Undecided	Invalid
1328134	[SRU] icehouse 2014.1.1 point release	glance (Ubuntu)	Undecided	Invalid
1328134	[SRU] icehouse 2014.1.1 point release	heat (Ubuntu)	Undecided	Invalid
1328134	[SRU] icehouse 2014.1.1 point release	horizon (Ubuntu)	Undecided	Invalid
1328134	[SRU] icehouse 2014.1.1 point release	keystone (Ubuntu)	Undecided	Invalid
1328134	[SRU] icehouse 2014.1.1 point release	neutron (Ubuntu)	Undecided	Invalid
1328134	[SRU] icehouse 2014.1.1 point release	ceilometer (Ubuntu Trusty)	Undecided	Fix Released
1328134	[SRU] icehouse 2014.1.1 point release	cinder (Ubuntu Trusty)	Undecided	Fix Released
1328134	[SRU] icehouse 2014.1.1 point release	glance (Ubuntu Trusty)	Undecided	Fix Released
1328134	[SRU] icehouse 2014.1.1 point release	heat (Ubuntu Trusty)	Undecided	Fix Released
1328134	[SRU] icehouse 2014.1.1 point release	horizon (Ubuntu Trusty)	Undecided	Fix Released
1328134	[SRU] icehouse 2014.1.1 point release	keystone (Ubuntu Trusty)	Undecided	Fix Released
1328134	[SRU] icehouse 2014.1.1 point release	neutron (Ubuntu Trusty)	Undecided	Fix Released
1328134	[SRU] icehouse 2014.1.1 point release	nova (Ubuntu Trusty)	Undecided	Fix Released

Bug #1374999: iSCSI volume detach does not correctly remove the multipath device descriptors

		In	Importance	Status
1374999	iSCSI volume detach does not correctly remove the multipath device descriptors	OpenStack Compute (nova)	Low	Invalid
1374999	iSCSI volume detach does not correctly remove the multipath device descriptors	nova (Ubuntu)	Low	Fix Released
1374999	iSCSI volume detach does not correctly remove the multipath device descriptors	nova (Ubuntu Trusty)	Low	Fix Released
1374999	iSCSI volume detach does not correctly remove the multipath device descriptors	Ubuntu Cloud Archive	Undecided	Fix Released
1374999	iSCSI volume detach does not correctly remove the multipath device descriptors	Ubuntu Cloud Archive juno	Undecided	Won't Fix
1374999	iSCSI volume detach does not correctly remove the multipath device descriptors	Ubuntu Cloud Archive icehouse	Undecided	Fix Released
1374999	iSCSI volume detach does not correctly remove the multipath device descriptors	Ubuntu Cloud Archive kilo	Undecided	Fix Released

Bug #1518016: [SRU] Nova kilo requires concurrency 1.8.2 or better

		In	Importance	Status
1518016	[SRU] Nova kilo requires concurrency 1.8.2 or better	python-oslo.concurrency (Ubuntu)	Undecided	Invalid
1518016	[SRU] Nova kilo requires concurrency 1.8.2 or better	OpenStack Compute (nova)	Undecided	Invalid
1518016	[SRU] Nova kilo requires concurrency 1.8.2 or better	python-oslo.concurrency (Ubuntu Vivid)	Critical	Fix Released
1518016	[SRU] Nova kilo requires concurrency 1.8.2 or better	Ubuntu Cloud Archive	Critical	Fix Released
1518016	[SRU] Nova kilo requires concurrency 1.8.2 or better	Ubuntu Cloud Archive kilo	Critical	Fix Released
1518016	[SRU] Nova kilo requires concurrency 1.8.2 or better	nova (Ubuntu)	Undecided	Invalid
1518016	[SRU] Nova kilo requires concurrency 1.8.2 or better	nova (Ubuntu Vivid)	Critical	Fix Released

Bug #1559215: [SRU] 2015.1.3 stable release

Summary				In	Importance	Status
	1559215	[SRU] 2015.1.3 stable release		Ubuntu Cloud Archive	Undecided	Invalid
	1559215	[SRU] 2015.1.3 stable release		Ubuntu Cloud Archive kilo	High	Fix Released

Bug #1580334: [SRU] 2015.1.4 stable release

Summary				In	Importance	Status
	1580334	[SRU] 2015.1.4 stable release		Ubuntu Cloud Archive	Undecided	Invalid
	1580334	[SRU] 2015.1.4 stable release		Ubuntu Cloud Archive kilo	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-1068

References