PublicDateAtUSN: 2013-08-08 15:00:00 UTC
Candidate: CVE-2013-4179
CRD: 2013-08-08 15:00:00 UTC
PublicDate: 2013-09-16 19:14:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179
 https://ubuntu.com/security/notices/USN-2005-1
 https://ubuntu.com/security/notices/USN-2000-1
Description:
 The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3,
 Havana before havana-3, and earlier allows remote attackers to cause a
 denial of service (resource consumption and crash) via an XML Entity
 Expansion (XEE) attack.  NOTE: this issue is due to an incomplete fix for
 CVE-2013-1664.
Ubuntu-Description:
Notes:
 jdstrand> Ubuntu 12.04 LTS and 12.10 not affected per upstream
 jdstrand> Ubuntu 13.04 has fix in raring-updates
Bugs:
 http://launchpad.net/bugs/1190229
Priority: medium
Discovered-by: Grant Murphy
Assigned-to: jdstrand
CVSS: 

Patches_nova:
 other: https://bugs.launchpad.net/ossa/+bug/1190229
upstream_nova: released (1:2013.2)
lucid_nova: DNE
precise_nova: not-affected
quantal_nova: not-affected
raring_nova: released (1:2013.1.3-0ubuntu1.1)
saucy_nova: not-affected (1:2013.2~rc2-0ubuntu1)
devel_nova: not-affected (1:2013.2~rc2-0ubuntu1)