Launchpad CVE tracker

CVE 2013-4497

The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.

Related bugs and status

CVE-2013-4497 (Candidate) is related to these bugs:

Bug #1073306: [OSSA 2013-030] xenapi migrations don't apply security group filters (CVE-2013-4497)

		In	Importance	Status
1073306	[OSSA 2013-030] xenapi migrations don't apply security group filters (CVE-2013-4497)	OpenStack Compute (nova)	High	Fix Released
1073306	[OSSA 2013-030] xenapi migrations don't apply security group filters (CVE-2013-4497)	OpenStack Security Advisory	High	Fix Released
1073306	[OSSA 2013-030] xenapi migrations don't apply security group filters (CVE-2013-4497)	OpenStack Compute (nova) grizzly	High	Fix Released

Bug #1202266: [OSSA 2013-030] xenapi: secgroups are not in place after live-migration (CVE-2013-4497)

		In	Importance	Status
1202266	[OSSA 2013-030] xenapi: secgroups are not in place after live-migration (CVE-2013-4497)	OpenStack Compute (nova)	High	Fix Released
1202266	[OSSA 2013-030] xenapi: secgroups are not in place after live-migration (CVE-2013-4497)	OpenStack Security Advisory	High	Fix Released
1202266	[OSSA 2013-030] xenapi: secgroups are not in place after live-migration (CVE-2013-4497)	OpenStack Compute (nova) grizzly	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-4497

References